A vulnerability, which was classified as problematic, has been found in D-Link DAP-2310, DAP-2330, DAP-2360, DAP-2553, DAP-2660, DAP-2690, DAP-2695, DAP-3320 and DAP-3662. Affected by this issue is an unknown part of the component Firmware Header Handler. The manipulation with an unknown input leads to a denial of service vulnerability. Using CWE to declare the problem leads to CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. Impacted is availability. CVE summarizes:

D-Link devices DAP-2310 v2.10rc036 and earlier, DAP-2330 v1.06rc020 and earlier, DAP-2360 v2.10rc050 and earlier, DAP-2553 v3.10rc031 and earlier, DAP-2660 v1.15rc093 and earlier, DAP-2690 v3.20rc106 and earlier, DAP-2695 v1.20rc119_beta31 and earlier, DAP-3320 v1.05rc027 beta and earlier, DAP-3662 v1.05rc047 and earlier allows attackers to cause a Denial of Service (DoS) via uploading a crafted firmware after modifying the firmware header.

The weakness was published 12/21/2022. The advisory is shared for download at github.com. This vulnerability is handled as CVE-2022-38873 since 08/29/2022. There are neither technical details nor an exploit publicly available. The current price for an exploit might be approx. USD $5k-$25k (estimation calculated on 01/21/2023). The MITRE ATT&CK project declares the attack technique as T1499.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Similar entries are available at VDB-180533, VDB-180557 and VDB-180558.

Productinfo

Vendor

• D-Link

Name

• DAP-2310
• DAP-2330
• DAP-2360
• DAP-2553
• DAP-2660
• DAP-2690
• DAP-2695
• DAP-3320
• DAP-3662

License

• commercial

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion