PT-2022-7102 · D-Link · D-Link Dir-878 +1
Wolin Zhuang +1 · Published 2022-12-23 · Updated 2023-03-03 · CVE-2022-46563
CVSS v2.0: 8.3 (High)
Vector: AV:N/AC:L/Au:M/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
D-Link DIR-882 versions DIR882A1 FW130B06
D-Link DIR-878 versions DIR 878 FW1.30B08
Description
The issue is related to a buffer overflow in the SetDynamicDNSSettings module of the D-Link DIR-882 and DIR-878 wireless router firmware. This can be exploited by a remote attacker to execute arbitrary code. The vulnerability is specifically tied to a stack overflow via the Password parameter in the SetDynamicDNSSettings module.
Recommendations
For D-Link DIR-882 version DIR882A1 FW130B06, update the firmware to a version that fixes the buffer overflow issue in the SetDynamicDNSSettings module.
For D-Link DIR-878 version DIR 878 FW1.30B08, update the firmware to a version that fixes the buffer overflow issue in the SetDynamicDNSSettings module.
As a temporary workaround, consider restricting access to the SetDynamicDNSSettings module until a patch is available.
Avoid using the Password parameter in the SetDynamicDNSSettings module until the issue is resolved.
Exploit
Fix
Memory Corruption
Weakness Enumeration
Related Identifiers
Affected Products
D-Link Dir-878
D-Link Dir-882