PT-2022-7095 · D Link · D-Link Dir-878
Wolin Zhuang
Published: 2022-12-23 · Updated: 2023-03-03 · CVE-2022-46562
CVSS v2.0: 8.3 (High)
Vector: AV:N/AC:L/Au:M/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
D-Link DIR-882 versions DIR882A1 FW130B06
D-Link DIR-878 versions DIR 878 FW1.30B08
Description
The SetQuickVPNSettings module of the D-Link DIR-882 and DIR-878 wireless router firmware contains a stack-based buffer overflow. A remote attacker can exploit it through the PSK parameter of the SetQuickVPNSettings module to execute arbitrary code.
Recommendations
For D-Link DIR-882 version DIR882A1 FW130B06, update the firmware to a version that fixes the buffer overflow issue in the SetQuickVPNSettings module.
For D-Link DIR-878 version DIR 878 FW1.30B08, update the firmware to a version that fixes the buffer overflow issue in the SetQuickVPNSettings module.
As a temporary workaround, consider restricting access to the SetQuickVPNSettings module until a patch is available.
Exploit
Fix
Memory Corruption
Affected Products
D-Link Dir-878
D-Link Dir-882