CVE-2022-38873

Published: Dec 20, 2022Modified: Jun 17, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

D-Link devices DAP-2310 v2.10rc036 and earlier, DAP-2330 v1.06rc020 and earlier, DAP-2360 v2.10rc050 and earlier, DAP-2553 v3.10rc031 and earlier, DAP-2660 v1.15rc093 and earlier, DAP-2690 v3.20rc106 and earlier, DAP-2695 v1.20rc119_beta31 and earlier, DAP-3320 v1.05rc027 beta and earlier, DAP-3662 v1.05rc047 and earlier allows attackers to cause a Denial of Service (DoS) via uploading a crafted firmware after modifying the firmware header.

Affected (11)

Products: Dlink: Dap 2310 Firmware, Dap 2330 Firmware, Dap 2360 Firmware, Dap 2553 Firmware, Dap 2660 Firmware, Dap 2690 Firmware, Dap 2695 Firmware, Dap 3320 Firmware, Dap 3662 Firmware

9 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dap 2310 Firmware	Up to 2.10rc036

Running on/with	Platform Versions
Dlink Dap 2310	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dap 2330 Firmware	Up to 1.06rc020

Running on/with	Platform Versions
Dlink Dap 2330	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dap 2360 Firmware	Up to 2.10rc050

Running on/with	Platform Versions
Dlink Dap 2360	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dap 2553 Firmware	Up to 3.10rc031

Running on/with	Platform Versions
Dlink Dap 2553	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dap 2660 Firmware	Up to 1.15rc093

Running on/with	Platform Versions
Dlink Dap 2660	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dap 2690 Firmware	Up to 3.20rc106

Running on/with	Platform Versions
Dlink Dap 2690	All versions

Configuration G

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dap 2695 Firmware	Before 1.20rc119
Dlink Dap 2695 Firmware	Version 1.20rc119 beta31

Running on/with	Platform Versions
Dlink Dap 2695	All versions

Configuration H

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dap 3320 Firmware	Before 1.05rc027
Dlink Dap 3320 Firmware	Version 1.05rc027 beta

Running on/with	Platform Versions
Dlink Dap 3320	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dap 3662 Firmware	Up to 1.05rc047

Running on/with	Platform Versions
Dlink Dap 3662	All versions

Related CWEs

CWE-345

Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

References (4)

https://github.com/Yuhao-W/BUG--D-Link--Firmware-Update-Vulnerabilities/blob/main/README.md

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.dlink.com/en/security-bulletin/

Source: cve@mitre.org

Vendor Advisory

https://github.com/Yuhao-W/BUG--D-Link--Firmware-Update-Vulnerabilities/blob/main/README.md

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.dlink.com/en/security-bulletin/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.