DAP-2622 DDP Change ID Password Auth Password Stack-Based Buffer Overflow Remote Code Execution Vulnerability
20 Juni, 2023
On June 5, 2023, 3rd party security research from TrendMicro ZDI reported the D-Link DAP-2622 hardware revision Ax with firmware version v1.00 as having a boundary error in the device's DDP service. This vulnerability can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code on the device.
As soon as D-Link was made aware of the reported security issues, we promptly started our investigation and began developing security patches.
D-Link takes the issues of network security and user privacy very seriously. We have a dedicated task force and product management team on call to address evolving security issues and implement appropriate security measures.
Report information
- Reported by TrendMicro ZDI
- ZDI-CAN-20061: D-Link DAP-2622 DDP Change ID Password Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability
Affected Models
Model | Hardware Revision | Region | Affected FW | Fixed FW | Recommendation | Last Updated |
DAP-2622 | Ax | Worldwide | v1.00 & below | v1.10B03 Beta Hot-Fix |
Upgrade to hot-fix patch |
19/06/2023 |