CVE-2022-41140: Unauthenticated RCE bug affects multiple D-Link routers
A critical buffer overflow and remote code execution (RCE) vulnerability affects several D-Link routers, most of which remain unpatched.
Tracked as CVE-2022-41140 and carrying a CVSS score of 8.8, the vulnerability was found in the DIR-867, DIR-878, and DIR-882-US routers. All three models are still supported, but only the DIR-878 has received a patch.
The issue can be exploited without authentication by sending specially crafted input to the lighttpd service, resulting in command injection. The lighttpd service listens on TCP port 80 by default. An attacker able to trigger the vulnerability could achieve full system compromise.
“A stack-based buffer overflow in the prog.cgi binary in D-Link DIR-867. A crafted HTTP request can cause the program to use `strcat()` to create an overly long string on a 512-byte stack buffer,” read the advisory.
CVE-2022-41140 results from the lack of proper validation of the length of user-supplied data before it is copied into a fixed-length stack-based buffer.
Discovered by an anonymous researcher working with Trend Micro's Zero Day Initiative, the security flaw was reported to D-Link in February. D-Link has confirmed the vulnerability and released a first Beta Hotfix for the DIR-878 model. D-Link says that fixed firmware for the DIR-867 and DIR-882-US is under development and that a firmware update will be provided via support.dlink.com as soon as it becomes available.
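As an added illustration of the defect class described above (example code, not code from D-Link or from the advisory), the C below places the unchecked `strcat()` pattern beside a bounds-checked builder that rejects input that would not fit. The 512-byte buffer size is the one the advisory names; the `name=` prefix and the `'A'`-filled field are constructed sample values standing in for request-derived strings.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 512  /* size of the stack buffer named in the advisory */

/* Pattern the advisory describes: request-derived strings are appended with
 * strcat() into a fixed-size stack buffer with no check of the room left.
 * Shown for contrast only; untrusted lengths would write past the end of out. */
void build_unchecked(char out[BUF_SIZE], const char *a, const char *b)
{
    out[0] = '\0';
    strcat(out, a);
    strcat(out, b);
}

/* Hardened form: measure first, reject anything that would not fit together
 * with the terminating NUL, then copy with explicit bounds.
 * Returns 0 on success and -1 when the input is rejected. */
int build_bounded(char *out, size_t out_size, const char *a, const char *b)
{
    size_t la = strlen(a);
    size_t lb = strlen(b);
    if (out_size == 0 || la >= out_size || lb >= out_size - la) {
        return -1;                      /* would overflow: refuse the request */
    }
    memcpy(out, a, la);
    memcpy(out + la, b, lb);
    out[la + lb] = '\0';
    return 0;
}

/* Constructs a hypothetical HTTP parameter of field_len 'A' bytes and returns
 * the bounded builder's verdict (0 = accepted, -1 = rejected, -2 = bad sample). */
int bounded_verdict(size_t field_len)
{
    char field[1024];
    char out[BUF_SIZE];
    if (field_len >= sizeof field) return -2;   /* sample too long to construct */
    memset(field, 'A', field_len);
    field[field_len] = '\0';
    return build_bounded(out, sizeof out, "name=", field);
}

int main(void)
{
    printf("field 100 -> %d, field 600 -> %d\n", bounded_verdict(100), bounded_verdict(600));
    return 0;
}
```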
| Model | Hardware Revision | Affected FW | Fixed FW | Recommendation | Last Updated |
|---|---|---|---|---|---|
| DIR-867 | All Ax Hardware Revisions | v1.30B07 & Below | Under Development | Pending Release | 03/04/2022 |
| DIR-878 | All Ax Hardware Revisions | v1.30B08-Hotfix & Below | v1.30b08_Beta_Hotfix | Upgrade to Beta Hotfix | 04/01/2022 |
| DIR-882-US | All Ax Hardware Revisions | v1.30B06-Hotfix & Below | Under Development | Pending Release | 03/04/2022 |
D-Link customers are strongly advised to apply the patches and upgrades released by the company as they become available to mitigate this threat.