OpenCVE

D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via /goform/form2Wan.cgi. When wantype is 3, l2tp_usrname will be decrypted by base64, and the result will be stored in v94, which does not check the size of l2tp_usrname, resulting in stack overflow.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dlink	Dir-816 Dir-816 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:dlink:dir-816_firmware:1.10cnb04:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-816:a2:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/z1r00/IOT_Vul/blob/main/dlink/Dir816/form2Wan_cgi/readme.md
https://www.dlink.com/en/security-bulletin/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-08-22T14:41:44

Updated: 2024-08-03T10:21:33.147Z

Reserved: 2022-08-01T00:00:00

Link: CVE-2022-37134

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-08-22T15:15:16.870

Modified: 2024-11-21T07:14:30.113

Link: CVE-2022-37134

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via /goform/form2Wan.cgi. When wantype is 3, l2tp_usrname will be decrypted by base64, and the result will be stored in v94, which does not check the size of l2tp_usrname, resulting in stack overflow."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-08-22T14:41:44", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.dlink.com/en/security-bulletin/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/z1r00/IOT_Vul/blob/main/dlink/Dir816/form2Wan_cgi/readme.md"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-37134", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via /goform/form2Wan.cgi. When wantype is 3, l2tp_usrname will be decrypted by base64, and the result will be stored in v94, which does not check the size of l2tp_usrname, resulting in stack overflow."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.dlink.com/en/security-bulletin/", "refsource": "MISC", "url": "https://www.dlink.com/en/security-bulletin/"}, {"name": "https://github.com/z1r00/IOT_Vul/blob/main/dlink/Dir816/form2Wan_cgi/readme.md", "refsource": "MISC", "url": "https://github.com/z1r00/IOT_Vul/blob/main/dlink/Dir816/form2Wan_cgi/readme.md"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:21:33.147Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.dlink.com/en/security-bulletin/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/z1r00/IOT_Vul/blob/main/dlink/Dir816/form2Wan_cgi/readme.md"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-37134", "datePublished": "2022-08-22T14:41:44", "dateReserved": "2022-08-01T00:00:00", "dateUpdated": "2024-08-03T10:21:33.147Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-816_firmware:1.10cnb04:*:*:*:*:*:*:*", "matchCriteriaId": "94848253-66CF-4F67-979E-0913F153A578", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-816:a2:*:*:*:*:*:*:*", "matchCriteriaId": "1A3AC507-7219-401E-AC60-12D96382E4B7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via /goform/form2Wan.cgi. When wantype is 3, l2tp_usrname will be decrypted by base64, and the result will be stored in v94, which does not check the size of l2tp_usrname, resulting in stack overflow."}, {"lang": "es", "value": "D-link DIR-816 versi\u00f3n A2_v1.10CNB04.img, es vulnerable a un Desbordamiento de B\u00fafer por medio del archivo /goform/form2Wan.cgi. Cuando wantype es 3, l2tp_usrname ser\u00e1 descifrado por base64, y el resultado es almacenado en v94, que no comprueba el tama\u00f1o de l2tp_usrname, resultando en un desbordamiento de pila."}], "id": "CVE-2022-37134", "lastModified": "2024-11-21T07:14:30.113", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-22T15:15:16.870", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/z1r00/IOT_Vul/blob/main/dlink/Dir816/form2Wan_cgi/readme.md"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.dlink.com/en/security-bulletin/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/z1r00/IOT_Vul/blob/main/dlink/Dir816/form2Wan_cgi/readme.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.dlink.com/en/security-bulletin/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1284"}], "source": "nvd@nist.gov", "type": "Primary"}]}