D-Link DIR-867 Rev. A <= v1.30B07 RCE Vulnerability CVE-2022-41140

Severity
CVSSv3 Score: 8.8

Vulnerability description

D-Link DIR-867 Rev. A devices are prone to a remote command execution (RCE) vulnerability.

Risk description

The specific flaw exists within the lighttpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.

Recommendation

No known solution is available as of 1st March, 2023. Information regarding this issue will be updated once solution details are available.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Jan 26, 2023
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available