CVE-2022-37134
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
22/08/2022
Last modified:
08/08/2023
Description
D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via /goform/form2Wan.cgi. When wantype is 3, l2tp_usrname will be decrypted by base64, and the result will be stored in v94, which does not check the size of l2tp_usrname, resulting in stack overflow.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:dlink:dir-816_firmware:1.10cnb04:*:*:*:*:*:*:* | ||
cpe:2.3:h:dlink:dir-816:a2:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page