CVE Radar


CVE-2022-46568

Severity: High
Vendor: Dlink
SVRS: 50
CVSSv3: 7.2
EPSS: 0.01414
Tags: No tags available
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Publication date: 2022-12-23
Last modified: 2025-04-15

Security Intelligence Brief

1. What is this vulnerability and why does it matter?
This vulnerability, identified as CVE-2022-46568, is a stack overflow. Specifically, it involves an out-of-bounds write (CWE-787) due to improper handling of input data. Stack overflows are critical because they can lead to memory corruption, causing denial of service (DoS), unpredictable system behavior, or, in many cases, arbitrary code execution, allowing an attacker to gain control over the affected device.
2. What are the CVSS score, severity level, and disclosure details?
The CVSS score for this vulnerability is 7.2. Based on this score, the severity level is classified as HIGH. The vulnerability was publicly disclosed on December 23, 2022, and was last modified on April 15, 2025.
3. Which products, vendors, systems, and versions are affected?
The following products and their specific firmware versions from D-Link are affected:
  • D-Link DIR-882 router, firmware version DIR882A1_FW130B06
  • D-Link DIR-878 router, firmware version DIR_878_FW1.30B08
4. What is the technical root cause and attack vector?
The technical root cause of this vulnerability is a stack-based buffer overflow. This occurs due to insufficient bounds checking when handling user-supplied input. The attack vector specifically involves the `AccountPassword` parameter within the `SetSysEmailSettings` module. An attacker can supply an excessively long string to this parameter, causing the program to write beyond the allocated buffer on the stack.
5. How can this vulnerability be exploited?
An attacker can exploit this vulnerability by sending a crafted request to the affected D-Link router with an oversized value for the `AccountPassword` parameter of the `SetSysEmailSettings` module. When the device processes this input, it writes past the boundary of a buffer allocated on the stack. The CVSS vector rates the attack as network-reachable (AV:N) but requiring high privileges (PR:H). Depending on the memory layout and the attacker's control over the overflowed data, the result could be denial of service or potentially arbitrary code execution.
7. How can vulnerable systems be detected?
Vulnerable systems can be detected by identifying the specific models and firmware versions of D-Link routers in use. Administrators should:
  • Check the model number (DIR-882, DIR-878) of D-Link routers.
  • Verify the installed firmware version against the known affected versions: DIR882A1_FW130B06 for DIR-882 and DIR_878_FW1.30B08 for DIR-878.
10. What public intelligence references and advisories exist?
The primary public intelligence reference for this issue is the Common Vulnerabilities and Exposures (CVE) entry: CVE-2022-46568.
11. What is the risk assessment and urgency level?
The risk assessment for CVE-2022-46568 is HIGH, indicated by its CVSS score of 7.2. Stack overflow vulnerabilities, especially in network devices like routers, are critical as they can lead to severe impacts, including denial of service, data corruption, or even full system compromise through remote code execution. Given that these devices often operate at the perimeter of a network, successful exploitation could provide an attacker with a significant foothold. Therefore, the urgency level for addressing this vulnerability is HIGH. Organizations and individuals using the affected D-Link routers should prioritize mitigation efforts.

No IOCs found for this CVE

No exploits found for this CVE


Configuration 1

Type | Vendor | Product
OS | Dlink | dir-882_a1_firmware

References

Link | Listed by
https://www.dlink.com/en/security-bulletin/ | AF854A3A-2127-422B-91AE-364DA2661108, [email protected], MITRE, MISC, GITHUB
https://hackmd.io/@0dayResearch/B1SZP0aIo | AF854A3A-2127-422B-91AE-364DA2661108, [email protected], MITRE, MISC, GITHUB
https://hackmd.io/@0dayResearch/SetSysEmailSettings | AF854A3A-2127-422B-91AE-364DA2661108, [email protected], MISC, GITHUB

CWE ID | CWE Name | Description
CWE-787 | Out-of-bounds Write | The software writes data past the end, or before the beginning, of the intended buffer.
