First published: Fri May 27 2022
The LAN-side web configuration interface has a stack-based buffer overflow vulnerability in the D-Link Wi-Fi router firmware DIR-890L DIR890LA1_FW107b09.bin and previous versions. The function at 0x17958 of /htdocs/cgibin calls sprintf without checking the length of strings in parameters taken from the HTTP header, which users can easily control. Attackers can exploit the vulnerability to execute arbitrary code by sending a specially constructed payload to port 49152.
Credit: cve@mitre.org
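The flaw described above is an unbounded sprintf into a fixed-size stack buffer. The following C sketch is an added example, not code from the D-Link firmware: the function names, the 64-byte buffer size and the format string are assumptions made for illustration. It places the unchecked call beside a bounded snprintf whose return value is checked, so an over-long header value is rejected instead of copied.

```c
#include <stdio.h>
#include <string.h>

/* Assumed buffer size; the page does not give the real one. */
#define BUF_LEN 64
/* Hypothetical format string standing in for the firmware's own. */
#define FMT "svc/%s.xml"

/* Unchecked pattern: nothing compares the header length with the
 * size of the destination, so a long value writes past its end. */
int build_unchecked(char *out, const char *header_value)
{
    return sprintf(out, FMT, header_value);
}

/* Bounded form: snprintf never writes more than out_len bytes, and a
 * return value >= out_len means the result was truncated. Truncation
 * is treated as an error, not silently accepted. */
int build_checked(char *out, size_t out_len, const char *header_value)
{
    int n = snprintf(out, out_len, FMT, header_value);
    if (n < 0 || (size_t)n >= out_len) {
        if (out_len > 0)
            out[0] = '\0';
        return -1;
    }
    return n;
}

/* Hypothetical request handler: returns an HTTP status code. */
int handle_header(const char *header_value)
{
    char buf[BUF_LEN];

    if (header_value == NULL)
        return 400;
    if (build_checked(buf, sizeof buf, header_value) < 0)
        return 431; /* Request Header Fields Too Large */
    return 200;
}

int main(void)
{
    char long_value[201];            /* constructed over-long input */
    memset(long_value, 'A', 200);
    long_value[200] = '\0';
    printf("short: %d\n", handle_header("abc"));
    printf("long:  %d\n", handle_header(long_value));
    return 0;
}
```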
Affected Software | Affected Version | How to fix |
---|---|---|
Dlink Dir-890l Firmware | <=1.07b09 | |
Dlink Dir-890l | | |
The vulnerability ID for this issue is CVE-2022-30521.
The severity of CVE-2022-30521 is critical with a CVSS score of 9.8.
The D-Link Wi-Fi router firmware version DIR-890L DIR890LA1_FW107b09.bin and previous versions are affected by CVE-2022-30521.
No, the D-Link DIR-890L router itself is not vulnerable to CVE-2022-30521.
To fix the CVE-2022-30521 vulnerability, you should update your D-Link Wi-Fi router firmware to a version that is not vulnerable.