PT-2022-7100 · D Link · D-Link Dir-878+1
Wolin Zhuang +1 · Published 2022-12-23 · Updated 2023-03-03
CVE-2022-46570
CVSS v2.0: 8.3 (High)
Vector: AV:N/AC:L/Au:M/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
D-Link DIR-882 versions DIR882A1 FW130B06
D-Link DIR-878 versions DIR 878 FW1.30B08
Description
A stack-based buffer overflow exists in the SetWan3Settings module of the D-Link DIR-882 and DIR-878 wireless router firmware. A remote attacker can exploit it through the Password parameter of the SetWan3Settings module to execute arbitrary code.
Recommendations
For D-Link DIR-882 version DIR882A1 FW130B06, update the firmware to a version that fixes the buffer overflow issue in the SetWan3Settings module.
For D-Link DIR-878 version DIR 878 FW1.30B08, update the firmware to a version that fixes the buffer overflow issue in the SetWan3Settings module.
As a temporary workaround, consider restricting access to the SetWan3Settings module until a patch is available.
Avoid using the Password parameter in the SetWan3Settings module until the issue is resolved.
Exploit
Fix
Memory Corruption
Weakness Enumeration
Related Identifiers
Affected Products
D-Link Dir-878
D-Link Dir-882