CVE-2022-30521
Description
Stack-based buffer overflow in D-Link DIR-890L web configuration interface (LAN side) allows arbitrary code execution via crafted HTTP headers.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A stack-based buffer overflow exists in the LAN-side Web-Configuration Interface of the D-Link DIR-890L router firmware. Firmware DIR890LA1_FW107b09.bin and all previous versions are affected. The flaw is in the function at address 0x17958 within the /htdocs/cgibin binary: it calls sprintf on strings taken from HTTP header parameters without validating their length, and an attacker controls those strings.
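The unchecked sprintf pattern described above, next to a bounded form, as an added example (not D-Link's code and not taken from the firmware). The function names, the 64-byte buffer, the Host header and the format string are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

#define URL_BUF 64  /* assumed size; the real buffer size is not given on the page */

/* Unsafe pattern: the header value's length is never checked, so any
 * value longer than the space left in `out` writes past the buffer. */
int build_url_unsafe(char out[URL_BUF], const char *host_hdr)
{
    return sprintf(out, "http://%s/", host_hdr);
}

/* Hardened form: bound the write and treat truncation as an error.
 * Returns 0 on success, -1 if the header is missing or does not fit. */
int build_url_checked(char out[URL_BUF], const char *host_hdr)
{
    int n;

    if (host_hdr == NULL)
        return -1;
    n = snprintf(out, URL_BUF, "http://%s/", host_hdr);
    if (n < 0 || n >= URL_BUF) {
        out[0] = '\0';          /* never hand back a truncated URL */
        return -1;
    }
    return 0;
}

int main(void)
{
    char url[URL_BUF];
    char oversized[256];        /* constructed sample input */

    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';

    printf("short header: %d (%s)\n", build_url_checked(url, "192.168.0.1"), url);
    printf("long header:  %d\n", build_url_checked(url, oversized));
    return 0;
}
```

Rejecting the request when the value does not fit, rather than silently truncating it, keeps a clipped URL from being used further down the request path.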
Exploitation
An attacker must have LAN access to the router and send a specially crafted HTTP request to port 49152. By manipulating HTTP header parameters, the attacker can overflow the stack buffer, potentially leading to arbitrary code execution. No authentication is required.
Impact
Successful exploitation allows an attacker to execute arbitrary code on the device. Since the router typically runs with root privileges, this gives the attacker full control over the router, including the ability to modify network traffic, install malware, or use the device as a pivot point.
Mitigation
As of the publication date (2022-05-27), no fix has been released by D-Link. Users are advised to consider replacing the device with a supported model or implementing network segmentation to limit exposure. Reference [1] is a general security bulletin page and does not provide mitigation steps specific to this vulnerability.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 2
Patches: 0
No patches discovered yet.
References: 3
News mentions: 0
No linked articles in our index yet.