CVE-2023-37320

CWE-121 — Stack-based Buffer Overflow CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

8.8HIGH

EPSS

2.2%

top 15.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dlink Dap-2622 Firmware D-link Dap-2622

Timeline

PublishedMay 3

Description

D-Link DAP-2622 DDP Set SSID List SSID Name Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer.…

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDdlink/dap-2622_firmware< 1.10b03r022

▶CVEListV5d-link/dap-26221.00 dated 16-12-2020

Patches

Patch: supportannouncement.us.dlink.com ↗Patch: supportannouncement.us.dlink.com ↗

🔴Vulnerability Details

CVEList

D-Link DAP-2622 DDP Set SSID List SSID Name Stack-based Buffer Overflow Remote Code Execution Vulnerability↗2024-05-03

▶

GHSA

GHSA-mg36-pmfg-w8g5: D-Link DAP-2622 DDP Set SSID List SSID Name Stack-based Buffer Overflow Remote Code Execution Vulnerability↗2024-05-03

▶