Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-29pr-hmrg-229w

Опубликовано: 03 мая 2024
Источник: github
Github: Не прошло ревью
CVSS3: 8.8

Описание

D-Link DAP-2622 DDP Set Device Info Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20087.

D-Link DAP-2622 DDP Set Device Info Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20087.

EPSS

Процентиль: 81%
0.01626
Низкий

8.8 High

CVSS3

Дефекты

CWE-121
CWE-787

Связанные уязвимости

CVSS3: 8.8
nvd
больше 1 года назад

D-Link DAP-2622 DDP Set Device Info Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20087.

CVSS3: 8.8
fstec
почти 2 года назад

Уязвимость службы DDP микропрограммного обеспечения беспроводных точек доступа D-Link DAP-2622, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 81%
0.01626
Низкий

8.8 High

CVSS3

Дефекты

CWE-121
CWE-787