CVE-2022-38873

CWE-3453 documents3 sources

Severity

7.5HIGH

EPSS

0.1%

top 68.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dlink Dap-2695 Firmware Dlink Dap-3320 Firmware Dlink Dap-2310 Firmware +6 more

Timeline

PublishedDec 20

Description

D-Link devices DAP-2310 v2.10rc036 and earlier, DAP-2330 v1.06rc020 and earlier, DAP-2360 v2.10rc050 and earlier, DAP-2553 v3.10rc031 and earlier, DAP-2660 v1.15rc093 and earlier, DAP-2690 v3.20rc106 and earlier, DAP-2695 v1.20rc119_beta31 and earlier, DAP-3320 v1.05rc027 beta and earlier, DAP-3662 v1.05rc047 and earlier allows attackers to cause a Denial of Service (DoS) via uploading a crafted firmware after modifying the firmware header.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages9 packages

▶NVDdlink/dap-2695_firmware< 1.20rc119+1

▶NVDdlink/dap-3320_firmware< 1.05rc027+1

▶NVDdlink/dap-2310_firmware2.10rc036

▶NVDdlink/dap-2330_firmware1.06rc020

▶NVDdlink/dap-2360_firmware2.10rc050

🔴Vulnerability Details

CVEList

CVE-2022-38873: D-Link devices DAP-2310 v2↗2022-12-20

▶

GHSA

GHSA-j3gx-wf89-g4rx: D-Link devices DAP-2310 v2↗2022-12-20

▶