CVE-2022-30521
Last modified
CVE-2022-30521 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. The LAN-side Web-Configuration Interface has Stack-based Buffer Overflow vulnerability in the D-Link Wi-Fi router firmware DIR-890L DIR890LA1_FW107b09.bin and previous versions. The function created at 0x17958 of /htdocs/cgibin will call sprintf without checking the length of strings in parameters given by HTTP header and can be controlled by users easily. EPSS estimates a 13.64% chance of exploitation in the next 30 days.
Description
The LAN-side Web-Configuration Interface has Stack-based Buffer Overflow vulnerability in the D-Link Wi-Fi router firmware DIR-890L DIR890LA1_FW107b09.bin and previous versions. The function created at 0x17958 of /htdocs/cgibin will call sprintf without checking the length of strings in parameters given by HTTP header and can be controlled by users easily. The attackers can exploit the vulnerability to carry out arbitrary code by means of sending a specially constructed payload to port 49152.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Dlink | Dir-890l Firmware | <= 1.07b09 |
References
- https://github.com/winmt/CVE/blob/main/DIR-890L/README.mdExploit, Third Party Advisory
- https://www.dlink.com/en/security-bulletin/Vendor Advisory
- https://github.com/winmt/CVE/blob/main/DIR-890L/README.mdExploit, Third Party Advisory
- https://www.dlink.com/en/security-bulletin/Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-30521?
How severe is CVE-2022-30521?
How do I fix CVE-2022-30521?
Are you affected by CVE-2022-30521?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST