CVE-2022-46568
Description
D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the AccountPassword parameter in the SetSysEmailSettings module.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stack overflow in D-Link DIR-882 and DIR-878 SetSysEmailSettings module via AccountPassword allows authenticated remote attackers to potentially execute arbitrary code.
Vulnerability
A stack overflow vulnerability exists in the SetSysEmailSettings module of D-Link DIR-882 (firmware version DIR882A1_FW130B06) and DIR-878 (firmware version DIR_878_FW1.30B08) routers [1][2]. The AccountPassword parameter, obtained from the SOAP request, is copied into a stack buffer without proper bounds checking. The data is then passed through a decryption function and a hex-decoding loop, ultimately overflowing a local stack variable (v6) [1][2].
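The missing bounds check, shown as a hardened hex decoder. This is an added example, not D-Link's code or code from the cited references. It models only the hex-decoding step, and the buffer size `PW_BUF_CAP`, the function names and the sample inputs are assumptions made for illustration.

```c
#include <string.h>
#include <stdio.h>

#define PW_BUF_CAP 64  /* assumed capacity; the real size of v6 is not given on this page */

static int hex_nibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode a hex string into out[0..out_cap). Returns the number of bytes
 * written, or -1 if the input is odd-length, contains a non-hex character,
 * or would not fit. The length check runs before any byte is written. */
long hex_decode_bounded(const char *hex, unsigned char *out, size_t out_cap)
{
    size_t n = strlen(hex);
    if (n % 2 != 0 || n / 2 > out_cap)
        return -1;
    for (size_t i = 0; i < n; i += 2) {
        int hi = hex_nibble(hex[i]);
        int lo = hex_nibble(hex[i + 1]);
        if (hi < 0 || lo < 0)
            return -1;
        out[i / 2] = (unsigned char)((hi << 4) | lo);
    }
    return (long)(n / 2);
}

/* Hypothetical handler fragment: decode a request field into a fixed
 * stack buffer and reject the request instead of writing past the end. */
int handle_account_password(const char *field)
{
    unsigned char pw[PW_BUF_CAP];
    long len = hex_decode_bounded(field, pw, sizeof pw);
    return len < 0 ? -1 : (int)len;
}

int main(void)
{
    char oversized[2 * PW_BUF_CAP + 3] = {0};      /* constructed input */
    memset(oversized, '4', sizeof oversized - 1);  /* 130 hex chars = 65 bytes */
    printf("short field:     %d\n", handle_account_password("70617373"));
    printf("oversized field: %d\n", handle_account_password(oversized));
    return 0;
}
```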
Exploitation
An attacker must have network access to the router's web interface and valid administrative credentials (the SetSysEmailSettings action requires authentication). The exploit is delivered via a crafted HTTP POST request to /HNAP1/ with a maliciously long AccountPassword value in the XML body [1][2]. The overflow occurs during the subsequent decryption and hex-decoding operations, overwriting adjacent stack memory [1][2].
Impact
Successful exploitation can corrupt stack data, potentially leading to arbitrary code execution with root privileges (the router runs as root). At a minimum, the overflow causes a denial of service by crashing the device [1][2].
Mitigation
As of the publication date (2022-12-23), D-Link has not released a firmware update to address this vulnerability. The affected models may be end-of-life; users should check the D-Link security bulletin for any future patches [3]. No workaround is available. This CVE is not listed in the Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (3)
Patches (0)
No patches discovered yet.
References (3)
News mentions (0)
No linked articles in our index yet.