DAP-2622 DDP Change ID Password Auth Password Stack-Based Buffer Overflow Remote Code Execution Vulnerability
20 juni, 2023
On June 5, 2023, 3rd party security research from TrendMicro ZDI reported the D-Link DAP-2622 hardware revision Ax with firmware version v1.00 as having a boundary error in the device's DDP service. This vulnerability can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code on the device.
As soon as D-Link was made aware of the reported security issues, we promptly started our investigation and began developing security patches.
D-Link takes the issues of network security and user privacy very seriously. We have a dedicated task force and product management team on call to address evolving security issues and implement appropriate security measures.
- Reported by TrendMicro ZDI
- ZDI-CAN-20061: D-Link DAP-2622 DDP Change ID Password Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability
|v1.00 & below
|v1.10B03 Beta Hot-Fix
|Upgrade to hot-fix patch