CVE-2022-43000

Name of the Vulnerable Software and Affected Versions D-Link DIR-816 A2 version 1.10 B05

Description The issue is related to a stack overflow in the /goform/form2WizardStep4 component of the D-Link DIR-816 A2 router's firmware. This can be exploited via the wizardstep4 pskpwd parameter, potentially allowing a remote attacker to execute arbitrary code.

Recommendations For D-Link DIR-816 A2 version 1.10 B05, consider restricting access to the /goform/form2WizardStep4 endpoint and avoid using the wizardstep4 pskpwd parameter until a patch is available. As a temporary workaround, disabling the vulnerable component may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.