CVE-2022-29325
- Severity: High
- Vendor: Dlink
- SVRS: 69
- CVSSv3: 9.8
- EPSS: 0.035
- Tags: No tags available
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Publication date: 2022-05-10
- Last modified: 2024-08-03
Security Intelligence Brief
1. What is this vulnerability and why does it matter?
This vulnerability, identified as CVE-2022-29325, is a stack overflow in the D-Link DIR-816 A2 router, specifically affecting firmware version v1.10CNB04. The overflow occurs via the `addurlfilter` parameter within the `/goform/websURLFilter` endpoint. Stack overflows are critical vulnerabilities because they can allow an attacker to overwrite portions of the program's memory, potentially leading to denial of service, arbitrary code execution, or full control over the compromised device. For a network device like a router, successful exploitation could grant an attacker the ability to intercept or redirect network traffic, launch further attacks on internal networks, or use the device as part of a botnet.
2. What are the CVSS score, severity level, and disclosure details?
- CVSS Score: 9.8 (Base Score)
- Severity Level: Critical. A CVSS score of 9.8 indicates the highest level of severity, signifying that the vulnerability is easily exploitable and has a devastating impact.
- Disclosure Details: This vulnerability was publicly disclosed and published on 2022-05-10 13:16:50 UTC. The last modification to its entry was on 2024-08-03 06:17:54 UTC.
3. Which products, vendors, systems, and versions are affected?
- Vendor: D-Link
- Product: DIR-816 A2 router
- Affected Version: Firmware v1.10CNB04
- System: Embedded systems running the specified D-Link router firmware.
4. What is the technical root cause and attack vector?
- Technical Root Cause: The fundamental root cause is a classic stack overflow error. This typically occurs when a program attempts to write more data to a buffer located on the call stack than the buffer is designed to hold. This overwrites adjacent stack frames, including potentially critical data like return addresses, leading to unexpected program behavior or control flow hijacking. In this specific case, the vulnerability lies within the handling of input to the `addurlfilter` parameter.
- Attack Vector: The attack vector is likely through the device's web interface. An attacker can supply an overly long or malformed string to the `addurlfilter` parameter when interacting with the `/goform/websURLFilter` endpoint. This interaction could be through a crafted HTTP request, possibly requiring authentication depending on the endpoint's access controls.
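The root cause described above, as an added C example that is not code from the D-Link firmware or from the original page: an unbounded copy of the `addurlfilter` value next to a handler that checks the length before copying. The buffer size `URLFILTER_MAX` and every function name here are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define URLFILTER_MAX 64 /* assumed size; the firmware's real buffer size is not on the page */

/* Unsafe pattern, shown for contrast and never called here:
 * the number of bytes written is decided entirely by the request. */
void store_filter_unsafe(const char *value)
{
    char rule[URLFILTER_MAX];
    strcpy(rule, value); /* writes past rule[] once strlen(value) >= URLFILTER_MAX */
    (void)rule;
}

/* Locate "name=" at a key boundary in a url-encoded form body.
 * Returns a pointer to the value and stores its length, or NULL if absent. */
static const char *find_param(const char *body, const char *name, size_t *len)
{
    size_t nlen = strlen(name);
    const char *p = body;
    while (p && *p) {
        if (strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            const char *v = p + nlen + 1;
            *len = strcspn(v, "&"); /* value ends at the next '&' or at NUL */
            return v;
        }
        p = strchr(p, '&'); /* skip to the next key=value pair */
        if (p) p++;
    }
    return NULL;
}

/* Hardened handler (hypothetical): 0 on success,
 * -1 if the parameter is missing or rule_size is 0, -2 if the value is too long. */
int store_filter_checked(const char *body, char *rule, size_t rule_size)
{
    size_t len;
    const char *v = find_param(body, "addurlfilter", &len);
    if (v == NULL || rule_size == 0)
        return -1;
    if (len >= rule_size) /* reject instead of truncating; keep room for NUL */
        return -2;
    memcpy(rule, v, len);
    rule[len] = '\0';
    return 0;
}
```

Rejecting an oversized value outright, rather than silently truncating it, also gives the web server a clear event to log when a request exceeds the expected length.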
5. How can this vulnerability be exploited?
Exploitation involves sending a specially crafted input to the vulnerable parameter. An attacker would send an HTTP request to the D-Link DIR-816 A2 router's web interface, targeting the `/goform/websURLFilter` endpoint. Within this request, the `addurlfilter` parameter would contain an excessively long string designed to exceed the buffer's capacity on the stack. Upon processing this oversized input, the stack overflow condition is met, allowing the attacker to overwrite the stack. Depending on the specifics of the overflow and the architecture, this could lead to:
- Denial of Service (DoS): The router's web server or the device itself may crash, rendering it inoperable until rebooted.
- Arbitrary Code Execution: By carefully crafting the overflow data, an attacker may be able to overwrite a return address on the stack, diverting program execution to malicious code injected into memory. This could allow for full control over the router.
7. How can vulnerable systems be detected?
Vulnerable systems can be detected by:
- Firmware Version Check: Directly checking the firmware version of D-Link DIR-816 A2 routers. Any device running firmware version v1.10CNB04 is considered vulnerable. This information is typically available through the router's administrative web interface.
- Network Scanning: Using network vulnerability scanners that include signatures for CVE-2022-29325. These scanners may be able to identify the specific D-Link model and vulnerable firmware version.
- Asset Inventory: Organizations should maintain an accurate inventory of all network devices, including router models and their installed firmware versions, to quickly identify affected assets.
10. What public intelligence references and advisories exist?
The primary public intelligence reference for this vulnerability is its Common Vulnerabilities and Exposures (CVE) identifier: CVE-2022-29325. This entry provides the fundamental details about the vulnerability, including its description, severity, and affected products.
11. What is the risk assessment and urgency level?
- Risk Assessment: The risk associated with CVE-2022-29325 is assessed as High. A CVSS score of 9.8 designates this as a critical vulnerability. Stack overflows in network devices commonly lead to remote code execution (RCE), which allows an attacker to gain complete control over the device. Given that the affected device is a router, successful exploitation could lead to significant data breaches, network compromise, and the ability to pivot to other systems on the internal network.
- Urgency Level: The urgency level is Immediate. Due to the critical severity and the potential for complete device compromise and wider network impact, organizations and individuals using the affected D-Link DIR-816 A2 (firmware v1.10CNB04) should prioritize patching or implementing mitigation strategies without delay.