CVE-2022-46570
Description
D-Link DIR-882 (DIR882A1_FW130B06) and DIR-878 (DIR_878_FW1.30B08) were discovered to contain a stack overflow via the Password parameter in the SetWan3Settings module.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stack overflow in D-Link DIR-882 and DIR-878 routers via Password parameter in SetWan3Settings PPPoE mode, allowing potential RCE.
Vulnerability
A stack overflow vulnerability exists in the SetWan3Settings module of D-Link DIR-882 (firmware DIR882A1_FW130B06) and DIR-878 (firmware DIR_878_FW1.30B08) routers. The issue occurs when the WAN mode is set to PPPoE. The Password parameter obtained via /SetWan3Settings/Password is controllable by an attacker and is passed to the decrypt_aes function, which then passes it to the sub_426D74 function. In this function, the input is hex-decoded into a stack buffer, leading to a stack overflow [1][2].
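The decoding pattern described above, shown as an added C illustration beside a bounded form; this is not code from the firmware or from D-Link. The function names, the 32-byte buffer and the sample inputs are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
int hex_val(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Unsafe pattern (constructed, not firmware code): the number of bytes
 * written depends only on the input, never on the size of out. */
size_t hex_decode_unbounded(const char *hex, unsigned char *out) {
    size_t n = 0;
    int hi, lo = 0;
    while ((hi = hex_val(hex[0])) >= 0 && (lo = hex_val(hex[1])) >= 0) {
        out[n++] = (unsigned char)((hi << 4) | lo);
        hex += 2;
    }
    return n;
}

/* Bounded form: the caller passes the buffer capacity, and the decoded
 * length is checked against it before any byte is written. Odd-length
 * or non-hex input is rejected with -1. */
int hex_decode_bounded(const char *hex, unsigned char *out,
                       size_t out_cap, size_t *out_len) {
    size_t len = strlen(hex);
    if (len % 2 != 0 || len / 2 > out_cap)
        return -1;
    for (size_t i = 0; i < len; i += 2) {
        int hi = hex_val(hex[i]), lo = hex_val(hex[i + 1]);
        if (hi < 0 || lo < 0)
            return -1;
        out[i / 2] = (unsigned char)((hi << 4) | lo);
    }
    *out_len = len / 2;
    return 0;
}

int main(void) {
    unsigned char buf[32];            /* constructed buffer size */
    size_t n = 0;
    char oversized[2 * 40 + 1];       /* decodes to 40 bytes, more than buf */
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';
    printf("short input: %d\n", hex_decode_bounded("70617373", buf, sizeof buf, &n));
    printf("oversized input: %d\n", hex_decode_bounded(oversized, buf, sizeof buf, &n));
    return 0;
}
```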
Exploitation
To exploit this vulnerability, an attacker must have network access to the router's web interface (typically on port 80) and be authenticated as an administrator. The attacker sends a crafted POST request to the /HNAP1/ endpoint with the SOAPACTION header set to "http://purenetworks.com/HNAP1/SetWan3Settings" and includes a malicious Password parameter in the XML body that overflows the stack buffer [1][2].
Impact
Successful exploitation allows an attacker to cause a stack overflow, potentially leading to arbitrary code execution or denial of service. The attacker could gain full control of the router or disrupt its operation, compromising network integrity and confidentiality.
Mitigation
As of the publication date, no official fix has been provided by D-Link. The referenced security bulletin page [3] does not list a specific patch for this vulnerability. Users are advised to monitor D-Link's security advisories for future updates. If the devices are end-of-life (EOL), no patch may be released; consider replacing affected routers with supported models.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.