10

CVE-2022-30521

Exploit

EPSS 7.45%
Veröffentlicht 02.06.2022 14:15:53
Zuletzt bearbeitet 21.11.2024 07:02:52
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The LAN-side Web-Configuration Interface has Stack-based Buffer Overflow vulnerability in the D-Link Wi-Fi router firmware DIR-890L DIR890LA1_FW107b09.bin and previous versions. The function created at 0x17958 of /htdocs/cgibin will call sprintf without checking the length of strings in parameters given by HTTP header and can be controlled by users easily. The attackers can exploit the vulnerability to carry out arbitrary code by means of sending a specially constructed payload to port 49152.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dlink ≫ Dir-890l Firmware Version <= 1.07b09

Dlink ≫ Dir-890l Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	7.45%	0.914

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://www.dlink.com/en/security-bulletin/

Vendor Advisory

https://github.com/winmt/CVE/blob/main/DIR-890L/README.md

Third Party Advisory

Exploit

https://github.com/winmt/my-vuls/tree/main/DIR-890L

https://nvd.nist.gov/vuln/detail/CVE-2022-30521

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-30521

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-30521

EUVD