7.5
CVE-2022-38873
- EPSS 0.13%
- Published 20.12.2022 20:15:09
- Last modified 17.04.2025 14:15:20
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
D-Link devices DAP-2310 v2.10rc036 and earlier, DAP-2330 v1.06rc020 and earlier, DAP-2360 v2.10rc050 and earlier, DAP-2553 v3.10rc031 and earlier, DAP-2660 v1.15rc093 and earlier, DAP-2690 v3.20rc106 and earlier, DAP-2695 v1.20rc119_beta31 and earlier, DAP-3320 v1.05rc027 beta and earlier, DAP-3662 v1.05rc047 and earlier allows attackers to cause a Denial of Service (DoS) via uploading a crafted firmware after modifying the firmware header.
Data is provided by the National Vulnerability Database (NVD)
Dlink ≫ Dap-2310 Firmware Version <= 2.10rc036
Dlink ≫ Dap-2330 Firmware Version <= 1.06rc020
Dlink ≫ Dap-2360 Firmware Version <= 2.10rc050
Dlink ≫ Dap-2553 Firmware Version <= 3.10rc031
Dlink ≫ Dap-2660 Firmware Version <= 1.15rc093
Dlink ≫ Dap-2690 Firmware Version <= 3.20rc106
Dlink ≫ Dap-2695 Firmware Version < 1.20rc119
Dlink ≫ Dap-2695 Firmware Version1.20rc119 Updatebeta31
Dlink ≫ Dap-3320 Firmware Version < 1.05rc027
Dlink ≫ Dap-3320 Firmware Version1.05rc027 Updatebeta
Dlink ≫ Dap-3662 Firmware Version <= 1.05rc047
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.331 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-345 Insufficient Verification of Data Authenticity
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.