CVE-2023-35729

CVSS v3.1

8.8

High

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions D-Link DAP-2622 (affected versions not specified)

Description The issue is related to a buffer overflow in the stack of the DDP service in the D-Link DAP-2622 wireless access point firmware. This can be exploited by a remote attacker to execute arbitrary code. The flaw exists due to the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. No authentication is required to exploit this vulnerability.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Stack Overflow

Buffer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-121CWE-119CWE-787

Related Identifiers

BDU:2023-05480

CVE-2023-35729

ZDI-23-1235

Affected Products

D-Link Dap-2622

CVE-2023-35729

Weakness Enumeration

Related Identifiers

Affected Products

References · 8