VYPR
Unrated severity · NVD Advisory · Published Dec 23, 2022 · Updated Apr 15, 2025

CVE-2022-46560

Description

D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetWan2Settings module.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Stack overflow in D-Link DIR-882 and DIR-878 routers via the Password parameter in the SetWan2Settings module allows remote authenticated attackers to cause denial of service or potentially execute arbitrary code.

Vulnerability

A stack overflow vulnerability exists in the SetWan2Settings module of D-Link DIR-882 (firmware DIR882A1_FW130B06) and DIR-878 (firmware DIR_878_FW1.30B08) routers [1][2][3][4]. The issue occurs when the WAN mode is set to PPPoE, PPTP, or L2TP. In that case the Password parameter is passed through decrypt_aes and then into function sub_426D74, where a hex decode operation copies attacker-controlled data into a fixed-size stack buffer without bounds checking, leading to overflow [1][2][3][4].
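The bounds check that this class of bug lacks, shown as an added example; it is not D-Link firmware code and not taken from the cited references. The function names and the 64-byte buffer size are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_val(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/*
 * Decode a NUL-terminated hex string into out[0..out_cap).
 * Returns the number of bytes written, or -1 if the input has odd length,
 * contains a non-hex character, or would not fit in out_cap bytes.
 * The capacity check runs before any byte is written to out.
 */
long hex_decode_bounded(const char *hex, unsigned char *out, size_t out_cap)
{
    size_t n = strlen(hex);
    if (n % 2 != 0 || n / 2 > out_cap)
        return -1;
    for (size_t i = 0; i < n; i += 2) {
        int hi = hex_val(hex[i]), lo = hex_val(hex[i + 1]);
        if (hi < 0 || lo < 0)
            return -1;
        out[i / 2] = (unsigned char)((hi << 4) | lo);
    }
    return (long)(n / 2);
}

/*
 * Hypothetical handler shape: a fixed-size stack buffer receives the decoded
 * field. PW_BUF_LEN is a constructed value, not taken from the firmware.
 * Returns the decoded length, or -1 when the field must be rejected.
 */
#define PW_BUF_LEN 64
long handle_password_field(const char *hex_field)
{
    unsigned char buf[PW_BUF_LEN];
    long len = hex_decode_bounded(hex_field, buf, sizeof buf);
    /* On success, buf[0..len) would be consumed here. */
    return len;
}
```

A request handler built this way rejects an oversized field with an error instead of writing past the buffer, because the decoder is told the destination capacity and the length is validated up front.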

Exploitation

An attacker must be authenticated to the router's web interface (typically at 192.168.0.1) and send a crafted SOAP request to the /HNAP1/ endpoint with the SetWan2Settings action [1][2][3][4]. The Password field in the XML payload contains an overly long hex-encoded string that, when decoded, overflows the stack buffer [1][2][3][4]. No user interaction beyond the initial authentication is required.

Impact

Successful exploitation corrupts the stack, which can crash the router (denial of service) or, with careful manipulation of return addresses, allow arbitrary code execution at the kernel or system level [1][2][3][4]. The attacker gains full control over the affected device, potentially enabling further network compromise.

Mitigation

As of the publication date (2022-12-23), no official patch has been released by D-Link [1][2][3][4]. Users should restrict administrative access to trusted networks only, disable remote management if not needed, and monitor for firmware updates from D-Link. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog at the time of writing.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3
  • Dlink/DIR882 (2 versions)
    • range: DIR882A1_FW130B06
  • Dlink/DIR878
    • range: DIR_878_FW1.30B08

Patches

0

No patches discovered yet.

References

5
