CVE-2022-47035

Published: Jan 31, 2023Modified: Jun 17, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedded and below allows attacker to execute arbitrary code via the GetConfig method to the /CPE endpoint.

Affected (1)

Products: Dlink: Dir 825 Firmware

Dlink

1 product

Dir 825 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 825 Firmware	Up to 1.33.0.44ebdd4-embedded

Running on/with	Platform Versions
Dlink Dir 825	All versions

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (4)

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10314

Source: cve@mitre.org

PatchVendor Advisory

https://www.dlink.com/en/security-bulletin/

Source: cve@mitre.org

Vendor Advisory

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10314

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://www.dlink.com/en/security-bulletin/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.