Lucene search

[email protected]CVE-2022-27286

HistoryApr 10, 2022 - 9:15 p.m.

CVE-2022-27286

2022-04-1021:15:08

CWE-787

[email protected]

web.nvd.nist.gov

cve-2022-27286

d-link

dir-619 ax

stack overflow

formsetwannonlogin

denial of service

dos

curtime parameter

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

48.4%

JSON

D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanNonLogin. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter.

Affected configurations

NVD

Node

dlinkdir-619_ax_firmwareMatch1.00

AND

dlinkdir-619_axMatch-

CPENameOperatorVersion
dlink:dir-619_ax_firmwaredlink dir-619 ax firmwareeq1.00

CPE	Name	Operator	Version
dlink:dir-619_ax_firmware	dlink dir-619 ax firmware	eq	1.00

References

github.com/wu610777031/IoT_Hunter/blob/main/DIR-619%20Buffer%20Overflow.pdf

www.dlink.com/en/security-bulletin/

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

48.4%

JSON

Related for CVE-2022-27286

cvelist1 prion1 cnvd1 nvd1