PT-2022-3311 · D-Link · D-Link DIR-890L

Published 2022-05-27 · Updated 2023-08-01 · CVE-2022-30521

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

D-Link DIR-890L versions prior to DIR890LA1 FW107b09.bin

Description

The issue is a stack-based buffer overflow in the LAN-side Web-Configuration Interface of the D-Link Wi-Fi router firmware. It is caused by incorrect checking of the lengths of strings taken from HTTP header parameters before they are passed to the sprintf() function. Exploitation of this issue can allow an attacker to execute arbitrary code by sending a specially constructed payload to port 49152.

Recommendations

For versions prior to DIR890LA1 FW107b09.bin, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to port 49152 to minimize the risk of exploitation.
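
The weakness class named in the description, shown as an added example that is not the firmware's code: an unchecked sprintf() of a header value into a fixed stack buffer, beside a bounded form that rejects values that would not fit. The buffer size, the "value=%s" format and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_MAX 64  /* hypothetical size of the fixed stack buffer */

/* Vulnerable pattern (illustrative, never called here): the header value's
 * length is not checked, so a long value makes sprintf() write past buf. */
void handle_header_unsafe(const char *hdr_value)
{
    char buf[BUF_MAX];
    sprintf(buf, "value=%s", hdr_value);
    puts(buf);
}

/* Hardened form: bounded write, and a value that would not fit is rejected
 * rather than silently truncated. Returns 0 on success, -1 on rejection. */
int format_header_checked(char *out, size_t out_len, const char *hdr_value)
{
    if (out == NULL || out_len == 0 || hdr_value == NULL)
        return -1;
    int n = snprintf(out, out_len, "value=%s", hdr_value);
    if (n < 0 || (size_t)n >= out_len) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

/* Constructed input: a header value of `len` 'A' bytes, run through the
 * checked formatter. Returns its result, or -2 if len exceeds the helper. */
int check_len(size_t len)
{
    char value[256], buf[BUF_MAX];
    if (len >= sizeof value)
        return -2;
    memset(value, 'A', len);
    value[len] = '\0';
    return format_header_checked(buf, sizeof buf, value);
}

int main(void)
{
    printf("57 bytes: %d\n", check_len(57));   /* largest value that fits */
    printf("58 bytes: %d\n", check_len(58));   /* one byte too long */
    printf("200 bytes: %d\n", check_len(200)); /* oversized header */
    return 0;
}
```

Rejecting on the snprintf() return value matters because a silently truncated header can still change how later code interprets the request.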

Exploit

Fix

Memory Corruption

Stack Overflow

Weakness Enumeration

Related Identifiers

BDU:2022-04057
CVE-2022-30521

Affected Products

D-Link DIR-890L