Lucene search

[email protected]NVD:CVE-2022-36588

HistorySep 08, 2022 - 12:15 a.m.

CVE-2022-36588

2022-09-0800:15:10

CWE-120

[email protected]

web.nvd.nist.gov

d-link

buffer overflow

firmware

fileaccess.cgi

vulnerability

strncpy

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

71.1%

JSON

In D-Link DAP1650 v1.04 firmware, the fileaccess.cgi program in the firmware has a buffer overflow vulnerability caused by strncpy.

Affected configurations

Nvd

Node

dlinkdap-1650_firmwareMatch1.04b02_j65h

AND

dlinkdap-1650Match-

VendorProductVersionCPE
dlinkdap-1650_firmware1.04b02_j65hcpe:2.3:o:dlink:dap-1650_firmware:1.04b02_j65h:*:*:*:*:*:*:*
dlinkdap-1650-cpe:2.3:h:dlink:dap-1650:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dlink	dap-1650_firmware	1.04b02_j65h	cpe:2.3:o:dlink:dap-1650_firmware:1.04b02_j65h:::::::*
dlink	dap-1650	-	cpe:2.3:h:dlink:dap-1650:-:::::::*

References

github.com/Davidteeri/Bug-Report/blob/main/dlink-dap1650-0x419EF8.md

support.dlink.com/ProductInfo.aspx?m=DAP-1650

www.dlink.com/en/security-bulletin/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

71.1%

JSON

Related for NVD:CVE-2022-36588

cvelist1 prion1 cve1