Filtered by vendor Dlink Subscriptions
Filtered by product Dap 2622 Firmware Subscriptions

Search

Switch to Advanced Search (Beta)
Total 23 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-35738 1 Dlink 3 Dap-2622, Dap-2622 Firmware, Dap 2622 Firmware 2025-05-13 8.8 High
D-Link DAP-2622 DDP Configuration Backup Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20065.
CVE-2023-35739 1 Dlink 3 Dap-2622, Dap-2622 Firmware, Dap 2622 Firmware 2025-05-13 8.8 High
D-Link DAP-2622 DDP Configuration Backup Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20066.
CVE-2023-35741 1 Dlink 3 Dap-2622, Dap-2622 Firmware, Dap 2622 Firmware 2025-05-13 8.8 High
D-Link DAP-2622 DDP Configuration Backup Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20068.