CVE-2022-47035

EUVD-2022-49813
Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedded and below allows attacker to execute arbitrary code via the GetConfig method to the /CPE endpoint.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
Affected Products (NVD)
VendorProductVersion
dlinkdir-825_firmware
𝑥
≤ 1.33.0.44ebdd4-embedded
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10314
https://www.dlink.com/en/security-bulletin/
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10314
https://www.dlink.com/en/security-bulletin/