CVE-2022-46563 : D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878

D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetDynamicDNSSettings module.

Published 2022-12-23 19:15:12

Updated 2023-03-03 21:15:11

Source MITRE

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2022-46563

Dlink » Dir-882 A1 Firmware » Version: 1.30b06
cpe:2.3:o:dlink:dir-882_a1_firmware:1.30b06:*:*:*:*:*:*:*
Matching versions
When used together with: Dlink » Dir-882 A1 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2022-46563

EPSS FAQ

0.94%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 74 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-46563

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	1.2	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2022-46563

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2022-46563

https://hackmd.io/@0dayResearch/HkDzZLCUo

Exploit;Third Party Advisory
https://www.dlink.com/en/security-bulletin/

Security Bulletin | D-Link
Vendor Advisory

CVEs referencing this url
https://hackmd.io/@0dayResearch/SetDynamicDNSSettings

D-Link DIR-878 was discovered stack overflow in the SetDynamicDNSSettings module - HackMD

Jump to

Vulnerability Details : CVE-2022-46563

Products affected by CVE-2022-46563

Exploit prediction scoring system (EPSS) score for CVE-2022-46563

CVSS scores for CVE-2022-46563

CWE ids for CVE-2022-46563

References for CVE-2022-46563