ID

VAR-202206-0282


CVE

CVE-2022-30521


TITLE

Out-of-bounds write vulnerability in D-Link Japan Co., Ltd. dir-890l firmware

Trust: 0.8

sources: JVNDB: JVNDB-2022-011084

DESCRIPTION

The LAN-side web configuration interface of the D-Link DIR-890L Wi-Fi router has a stack-based buffer overflow vulnerability in firmware DIR890LA1_FW107b09.bin and previous versions. The function at 0x17958 of /htdocs/cgibin calls sprintf without checking the length of strings in parameters given by the HTTP header, which users can easily control. An attacker can exploit the vulnerability to execute arbitrary code by sending a specially constructed payload to port 49152. An out-of-bounds write vulnerability exists in the dir-890l firmware of D-Link Japan Co., Ltd. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DIR-890L is a wireless router. The D-Link DIR-890L has a binary vulnerability that an attacker can exploit to gain control of the server.

Trust: 2.25

sources: NVD: CVE-2022-30521 // JVNDB: JVNDB-2022-011084 // CNVD: CNVD-2022-51196 // VULMON: CVE-2022-30521

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

category: ['network device'], sub_category: Wi-Fi router

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2022-51196

AFFECTED PRODUCTS

vendor: dlink, model: dir-890l, scope: lte, version: 1.07b09

Trust: 1.0

vendor: ディーリンクジャパン株式会社, model: dir-890l, scope: -, version: -

Trust: 0.8

vendor: ディーリンクジャパン株式会社, model: dir-890l, scope: lte, version: dir-890l firmware 1.07b09 and earlier

Trust: 0.8

vendor: ディーリンクジャパン株式会社, model: dir-890l, scope: eq, version: -

Trust: 0.8

vendor: d link, model: dir-890l <=1.07b09, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2022-51196 // JVNDB: JVNDB-2022-011084 // NVD: CVE-2022-30521

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-30521
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-30521
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2022-51196
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202206-233
value: CRITICAL

Trust: 0.6

VULMON: CVE-2022-30521
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-30521
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-51196
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-30521
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-30521
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-51196 // VULMON: CVE-2022-30521 // JVNDB: JVNDB-2022-011084 // CNNVD: CNNVD-202206-233 // NVD: CVE-2022-30521

PROBLEMTYPE DATA

problemtype: CWE-787

Trust: 1.0

problemtype: Out-of-bounds write (CWE-787) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-011084 // NVD: CVE-2022-30521

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202206-233

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202206-233

PATCH

title: Patch for D-Link DIR-890L Exists Binary Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/337011

Trust: 0.6

title: D-Link DIR-890L Buffer error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=195955

Trust: 0.6

title: -, url: https://github.com/fxc233/iot-vul

Trust: 0.1

sources: CNVD: CNVD-2022-51196 // VULMON: CVE-2022-30521 // CNNVD: CNNVD-202206-233

EXTERNAL IDS

db: NVD, id: CVE-2022-30521

Trust: 4.0

db: JVNDB, id: JVNDB-2022-011084

Trust: 0.8

db: CNVD, id: CNVD-2022-51196

Trust: 0.6

db: CNNVD, id: CNNVD-202206-233

Trust: 0.6

db: OTHER, id: NONE

Trust: 0.1

db: VULMON, id: CVE-2022-30521

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2022-51196 // VULMON: CVE-2022-30521 // JVNDB: JVNDB-2022-011084 // CNNVD: CNNVD-202206-233 // NVD: CVE-2022-30521

REFERENCES

url:https://github.com/winmt/cve/blob/main/dir-890l/readme.md

Trust: 2.5

url:https://www.dlink.com/en/security-bulletin/

Trust: 2.5

url:https://github.com/winmt/my-vuls/tree/main/dir-890l

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-30521

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-30521/

Trust: 0.6

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/fxc233/iot-vul

Trust: 0.1

sources: OTHER: None // VULMON: CVE-2022-30521 // JVNDB: JVNDB-2022-011084 // CNNVD: CNNVD-202206-233 // NVD: CVE-2022-30521

SOURCES

db: OTHER, id: -
db: CNVD, id: CNVD-2022-51196
db: VULMON, id: CVE-2022-30521
db: JVNDB, id: JVNDB-2022-011084
db: CNNVD, id: CNNVD-202206-233
db: NVD, id: CVE-2022-30521

LAST UPDATE DATE

2025-01-30T21:31:10.014000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-51196, date: 2022-07-13T00:00:00
db: VULMON, id: CVE-2022-30521, date: 2022-06-13T00:00:00
db: JVNDB, id: JVNDB-2022-011084, date: 2023-08-18T08:22:00
db: CNNVD, id: CNNVD-202206-233, date: 2022-06-14T00:00:00
db: NVD, id: CVE-2022-30521, date: 2024-11-21T07:02:52.197

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-51196, date: 2022-07-14T00:00:00
db: VULMON, id: CVE-2022-30521, date: 2022-06-02T00:00:00
db: JVNDB, id: JVNDB-2022-011084, date: 2023-08-18T00:00:00
db: CNNVD, id: CNNVD-202206-233, date: 2022-06-02T00:00:00
db: NVD, id: CVE-2022-30521, date: 2022-06-02T14:15:53.897