CVE-2022-38873 - OpenCVE

D-Link devices DAP-2310 v2.10rc036 and earlier, DAP-2330 v1.06rc020 and earlier, DAP-2360 v2.10rc050 and earlier, DAP-2553 v3.10rc031 and earlier, DAP-2660 v1.15rc093 and earlier, DAP-2690 v3.20rc106 and earlier, DAP-2695 v1.20rc119_beta31 and earlier, DAP-3320 v1.05rc027 beta and earlier, DAP-3662 v1.05rc047 and earlier allows attackers to cause a Denial of Service (DoS) via uploading a crafted firmware after modifying the firmware header.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dlink	Dap-2310 Dap-2310 Firmware Dap-2330 Dap-2330 Firmware Dap-2360 Dap-2360 Firmware Dap-2553 Dap-2553 Firmware Dap-2660 Dap-2660 Firmware Dap-2690 Dap-2690 Firmware Dap-2695 Dap-2695 Firmware Dap-3320 Dap-3320 Firmware Dap-3662 Dap-3662 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:dlink:dap-2310_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dap-2310:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:dlink:dap-2330_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dap-2330:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:dlink:dap-2360_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dap-2360:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:dlink:dap-2553_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dap-2553:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:dlink:dap-2660_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dap-2660:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:dlink:dap-2690_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dap-2690:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

OR	cpe:2.3:o:dlink:dap-2695_firmware::::::::
	cpe:2.3:o:dlink:dap-2695_firmware:1.20rc119:beta31::::::

cpe:2.3:h:dlink:dap-2695:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

OR	cpe:2.3:o:dlink:dap-3320_firmware::::::::
	cpe:2.3:o:dlink:dap-3320_firmware:1.05rc027:beta::::::

cpe:2.3:h:dlink:dap-3320:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:dlink:dap-3662_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dap-3662:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/Yuhao-W/BUG--D-Link--Firmware-Update-Vulnerabilities/blob/main/README.md
https://www.dlink.com/en/security-bulletin/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-12-20T00:00:00

Updated: 2024-08-03T11:02:14.746Z

Reserved: 2022-08-29T00:00:00

Link: CVE-2022-38873

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-12-20T20:15:09.730

Modified: 2022-12-29T17:31:17.430

Link: CVE-2022-38873

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object