PT-2023-2358 · D Link · D-Link Dir820La1
Published 2023-02-07 · Updated 2023-03-18 · CVE-2023-25282
CVSS v2.0: 6.8 Medium
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
D-Link DIR820LA1 versions prior to FW106B02
Description
The issue is a heap overflow vulnerability in the firmware of the D-Link DIR820LA1 router. A remote attacker can exploit it to cause a denial of service via the config.log_to_syslog and log_opt_dropPackets parameters to the mydlink_api.ccp endpoint.
Recommendations
For D-Link DIR820LA1 versions prior to FW106B02, consider updating to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the mydlink_api.ccp endpoint until a patch is available.
Avoid using the config.log_to_syslog and log_opt_dropPackets parameters in the affected endpoint until the issue is resolved.
Exploit
Fix
Memory Corruption
Weakness Enumeration
Related Identifiers
Affected Products
D-Link Dir820La1