CVE-2021-43722

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

9.8CRITICAL

EPSS

1.4%

top 19.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dlink Dir-645 Firmware

Timeline

PublishedMar 31

Latest updateApr 1

Description

D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnap_main function in the cgibin handler uses sprintf to format the soapaction header onto the stack and has no limit on the size.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDdlink/dir-645_firmware1.03

🔴Vulnerability Details

GHSA

GHSA-g42p-p7j5-qqx7: D-Link DIR-645 1↗2022-04-01

▶

CVEList

CVE-2021-43722: D-Link DIR-645 1↗2022-03-31

▶