Vulnerabilities > CVE-2022-25106 - Out-of-bounds Write vulnerability in Dlink Dir-859 A3 Firmware and Dir-859 Firmware

CVSS 7.1 - HIGH

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

dlink

CWE-787

NVD

Published: 2022-03-04

Updated: 2022-03-12

Summary

D-Link DIR-859 v1.05 was discovered to contain a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.

Vulnerable Configurations

Part	Description	Count
OS	Dlink Dlink DIR 859 Firmware 1.05 Dlink DIR 859 A3 Firmware 1.05	2
Hardware	Dlink Dlink DIR 859 - Dlink DIR 859 A3 -	2

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://www.dlink.com/en/security-bulletin/
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10267
https://github.com/chunklhit/cve/blob/master/dlink/DIR859/BufferOverflow.md