CVE-2023-25282 — Out-of-bounds Write in Dlink Dir-820l Firmware

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.8%

top 25.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dlink Dir-820l Firmware

Timeline

PublishedMar 15

Description

A heap overflow vulnerability in D-Link DIR820LA1_FW106B02 allows attackers to cause a denial of service via the config.log_to_syslog and log_opt_dropPackets parameters to mydlink_api.ccp.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶NVDdlink/dir-820l_firmware1.06b02

🔴Vulnerability Details

CVEList

CVE-2023-25282: A heap overflow vulnerability in D-Link DIR820LA1_FW106B02 allows attackers to cause a denial of service via the config↗2023-03-15

▶

GHSA

GHSA-9v8c-fhq7-pr7w: A heap overflow vulnerability in D-Link DIR820LA1_FW106B02 allows attackers to cause a denial of service via the config↗2023-03-15

▶