Details of VAR-202211-1698

ID

VAR-202211-1698

CVE

CVE-2022-44807

TITLE

D-Link DIR-882 webGetVarString function buffer overflow vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-85551

DESCRIPTION

D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow via webGetVarString. D-Link DIR-882 is a wireless router made by China D-Link Company. The vulnerability is due to the lack of length verification of the input data in its webGetVarString function. Attackers can exploit the vulnerability to cause denial of service or remote code execution

Trust: 1.44

sources: NVD: CVE-2022-44807 // CNVD: CNVD-2022-85551

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-85551

AFFECTED PRODUCTS

vendor:	dlink	model:	dir-882	scope:	eq	version:	1.10b02	Trust: 1.0
vendor:	dlink	model:	dir-882	scope:	eq	version:	1.20b06	Trust: 1.0
vendor:	d link	model:	dir-882 1.20b06	scope:	-	version:	-	Trust: 0.6
vendor:	d link	model:	dir-882 1.10b02	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2022-85551 // NVD: CVE-2022-44807

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-44807
value:	CRITICAL
Trust: 1.0
CNVD:	CNVD-2022-85551
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202211-3305
value:	CRITICAL
Trust: 0.6

CNVD:	CNVD-2022-85551
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-44807
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2022-85551 // CNNVD: CNNVD-202211-3305 // NVD: CVE-2022-44807

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.0

sources: NVD: CVE-2022-44807

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202211-3305

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202211-3305

EXTERNAL IDS

db:	NVD	id:	CVE-2022-44807	Trust: 2.2
db:	CNVD	id:	CNVD-2022-85551	Trust: 0.6
db:	CNNVD	id:	CNNVD-202211-3305	Trust: 0.6

sources: CNVD: CNVD-2022-85551 // CNNVD: CNNVD-202211-3305 // NVD: CVE-2022-44807

REFERENCES

url:	https://www.dlink.com/en/security-bulletin/	Trust: 2.2
url:	https://github.com/robinwang825/iot_vuln/tree/main/d-link/dir-882/5	Trust: 1.6
url:	https://cxsecurity.com/cveshow/cve-2022-44807/	Trust: 0.6

sources: CNVD: CNVD-2022-85551 // CNNVD: CNNVD-202211-3305 // NVD: CVE-2022-44807

SOURCES

db:	CNVD	id:	CNVD-2022-85551
db:	CNNVD	id:	CNNVD-202211-3305
db:	NVD	id:	CVE-2022-44807

LAST UPDATE DATE

2024-08-14T14:55:08.074000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-85551	date:	2022-12-07T00:00:00
db:	CNNVD	id:	CNNVD-202211-3305	date:	2022-11-24T00:00:00
db:	NVD	id:	CVE-2022-44807	date:	2022-11-23T19:53:11.583

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-85551	date:	2022-12-07T00:00:00
db:	CNNVD	id:	CNNVD-202211-3305	date:	2022-11-22T00:00:00
db:	NVD	id:	CVE-2022-44807	date:	2022-11-22T15:15:13.613