PT-2022-7092 · D Link · D-Link Dir-878 +1
Wolin Zhuang +1 · Published 2022-12-23 · Updated 2023-03-03 · CVE-2022-46569
CVSS v2.0: 8.3 High
Vector: AV:N/AC:L/Au:M/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
D-Link DIR-882 versions DIR882A1 FW130B06
D-Link DIR-878 versions DIR 878 FW1.30B08
Description
The issue is related to a buffer overflow in the SetWLanRadioSecurity module of the D-Link DIR-882 and DIR-878 wireless router firmware. This can be exploited by a remote attacker to execute arbitrary code via a stack overflow, specifically through the Key parameter in the SetWLanRadioSecurity module.
Recommendations
For D-Link DIR-882 version DIR882A1 FW130B06, update the firmware to a version that fixes the buffer overflow issue in the SetWLanRadioSecurity module.
For D-Link DIR-878 version DIR 878 FW1.30B08, update the firmware to a version that fixes the buffer overflow issue in the SetWLanRadioSecurity module.
As a temporary workaround, consider restricting access to the SetWLanRadioSecurity module to minimize the risk of exploitation.
Exploit
Fix
Memory Corruption
Affected Products
D-Link Dir-878
D-Link Dir-882