D-Link DAP-2622 DDP Set SSID List SSID Name Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2023-37320
8.8HIGH
What is CVE-2023-37320?
A significant security vulnerability exists in the D-Link DAP-2622 routers due to a stack-based buffer overflow in the DDP service. This flaw arises from improper validation of the length of user-supplied data before it is copied to a fixed-length buffer. Network-adjacent attackers have the potential to exploit this vulnerability, enabling arbitrary code execution in the root context of the device. The need for authentication during this process is eliminated, posing a serious risk to the device and any connected networks.
Affected Version(s)
DAP-2622 1.00 dated 16-12-2020