VYPR
Unrated severity · NVD Advisory · Published Dec 23, 2022 · Updated Apr 15, 2025

CVE-2022-46569

Description

D-Link DIR-882 DIR882A1_FW130B06 and DIR-878 DIR_878_FW1.30B08 were discovered to contain a stack overflow via the Key parameter in the SetWLanRadioSecurity module.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Stack overflow in D-Link DIR-882 and DIR-878 routers via the Key parameter in SetWLanRadioSecurity allows remote authenticated attackers to cause denial of service or potentially execute code.

Vulnerability

A stack overflow vulnerability exists in the SetWLanRadioSecurity module of D-Link DIR-882 (firmware DIR882A1_FW130B06) and DIR-878 (firmware DIR_878_FW1.30B08) routers. The Key parameter passed to the /SetWLanRadioSecurity endpoint is processed by the decrypt_aes function and subsequently by sub_426D74, where a hex-decoded copy of the attacker-controlled input is written into a stack buffer (v6) without proper bounds checking, leading to a stack overflow [1][2].
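
The missing check described above, shown as an added example (not the firmware's code and not taken from the cited references): a hex decoder that validates the decoded length against the destination before writing anything. KEY_BUF_LEN, hex_decode_bounded and handle_key are hypothetical names, and the 64-byte capacity is an assumption because the page does not give the real size of v6.

```c
#include <stdio.h>
#include <string.h>

/* Assumed capacity: the page does not state the real size of v6. */
#define KEY_BUF_LEN 64

static int hex_nibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode hex into dst; returns bytes written, or -1 if the input is
 * odd-length, non-hex, or would not fit in dst_cap bytes. */
int hex_decode_bounded(const char *hex, unsigned char *dst, size_t dst_cap)
{
    size_t n = strlen(hex);
    if (n % 2 != 0 || n / 2 > dst_cap)
        return -1;                      /* length check before any write */
    for (size_t i = 0; i < n / 2; i++) {
        int hi = hex_nibble(hex[2 * i]);
        int lo = hex_nibble(hex[2 * i + 1]);
        if (hi < 0 || lo < 0)
            return -1;
        dst[i] = (unsigned char)((hi << 4) | lo);
    }
    return (int)(n / 2);
}

/* Hypothetical stand-in for the handler step that fills the stack buffer. */
int handle_key(const char *key_hex)
{
    unsigned char v6[KEY_BUF_LEN];
    int n = hex_decode_bounded(key_hex, v6, sizeof v6);
    if (n < 0)
        return -1;                      /* reject the request, do not truncate */
    (void)v6;   /* v6[0..n) would be handed to the next processing step here */
    return n;
}

int main(void)
{
    char oversized[2 * KEY_BUF_LEN + 3];          /* constructed input */
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';
    printf("valid: %d, oversized: %d\n", handle_key("00ff10"), handle_key(oversized));
    return 0;
}
```

Rejecting the request outright, rather than truncating the value, keeps a malformed Key from reaching later processing in a partially decoded state.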

Exploitation

An attacker must be authenticated to the router's web interface (typically at 192.168.0.1) and send a crafted HTTP POST request to /HNAP1/ with a malicious Key value in the SetWLanRadioSecurity SOAP action. The provided proof-of-concept (POC) demonstrates sending an oversized Key parameter that overflows the stack buffer [1][2]. No user interaction beyond authentication is required.

Impact

Successful exploitation overwrites the stack, potentially causing a denial of service (router crash) or, with careful manipulation, arbitrary code execution at the kernel or root privilege level. The attacker gains full control over the affected router, enabling further network compromise [1][2].

Mitigation

As of the publication date (2022-12-23), no firmware update or official patch has been released by D-Link. The affected models may be end-of-life; users are advised to replace the devices or restrict access to the management interface to trusted networks only. No workaround is available [1][2].

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

  • Dlink/DIR882
    Range: DIR882A1_FW130B06
  • Dlink/DIR878
    Range: DIR_878_FW1.30B08

Patches

No patches discovered yet.

References

3
