ID

VAR-202211-1601


CVE

CVE-2022-44804


TITLE

D-Link DIR-882 websRedirect function buffer overflow vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-85552

DESCRIPTION

D-Link DIR-882 1.10B02 and 1.20B06 are vulnerable to Buffer Overflow via the websRedirect function. D-Link DIR-882 is a wireless router made by China D-Link Company. The vulnerability is due to the lack of length verification of the input data in the websRedirect function. Attackers can exploit the vulnerability to cause denial of service or remote code execution.

Trust: 1.44

sources: NVD: CVE-2022-44804 // CNVD: CNVD-2022-85552

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-85552

AFFECTED PRODUCTS

vendor: dlink, model: dir-882, scope: eq, version: 1.10b02

Trust: 1.0

vendor: dlink, model: dir-882, scope: eq, version: 1.20b06

Trust: 1.0

vendor: d link, model: dir-882 1.20b06, scope: -, version: -

Trust: 0.6

vendor: d link, model: dir-882 1.10b02, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2022-85552 // NVD: CVE-2022-44804

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-44804
value: CRITICAL

Trust: 1.0

CNVD: CNVD-2022-85552
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202211-3307
value: CRITICAL

Trust: 0.6

CNVD: CNVD-2022-85552
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-44804
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2022-85552 // CNNVD: CNNVD-202211-3307 // NVD: CVE-2022-44804

PROBLEMTYPE DATA

problemtype: CWE-787

Trust: 1.0

sources: NVD: CVE-2022-44804

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202211-3307

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202211-3307

EXTERNAL IDS

db: NVD, id: CVE-2022-44804

Trust: 2.2

db: CNVD, id: CNVD-2022-85552

Trust: 0.6

db: CNNVD, id: CNNVD-202211-3307

Trust: 0.6

sources: CNVD: CNVD-2022-85552 // CNNVD: CNNVD-202211-3307 // NVD: CVE-2022-44804

REFERENCES

url: https://www.dlink.com/en/security-bulletin/

Trust: 2.2

url: https://github.com/robinwang825/iot_vuln/tree/main/d-link/dir-882/2

Trust: 1.6

url: https://cxsecurity.com/cveshow/cve-2022-44804/

Trust: 0.6

sources: CNVD: CNVD-2022-85552 // CNNVD: CNNVD-202211-3307 // NVD: CVE-2022-44804

SOURCES

db: CNVD, id: CNVD-2022-85552
db: CNNVD, id: CNNVD-202211-3307
db: NVD, id: CVE-2022-44804

LAST UPDATE DATE

2024-08-14T13:42:16.199000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-85552, date: 2022-12-07T00:00:00
db: CNNVD, id: CNNVD-202211-3307, date: 2022-11-24T00:00:00
db: NVD, id: CVE-2022-44804, date: 2022-11-23T19:53:30.910

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-85552, date: 2022-12-07T00:00:00
db: CNNVD, id: CNNVD-202211-3307, date: 2022-11-22T00:00:00
db: NVD, id: CVE-2022-44804, date: 2022-11-22T15:15:13.143