CVE-2022-46475 in DIR-645A1
Summary
by MITRE • 01/18/2023
D-Link DIR 645A1 1.06B01_Beta01 was discovered to contain a stack overflow via the service= variable in the genacgi_main function.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 04/04/2025
The vulnerability identified as CVE-2022-46475 represents a critical stack overflow condition within the D-Link DIR 645 router firmware version 1.06B01_Beta01. This issue manifests through the service= parameter within the genacgi_main function, creating a potential entry point for malicious actors to exploit the device's memory management. The stack overflow vulnerability occurs when the router fails to properly validate input parameters, allowing an attacker to manipulate the service variable to overwrite adjacent memory locations on the stack. This type of vulnerability falls under the Common Weakness Enumeration category CWE-121, which specifically addresses stack-based buffer overflow conditions where insufficient bounds checking permits memory corruption. The affected device operates with a web-based administration interface that processes CGI requests, making it susceptible to remote exploitation through crafted HTTP requests that target the vulnerable genacgi_main function.
The operational impact of this vulnerability extends beyond simple memory corruption, as it provides potential attackers with a pathway to execute arbitrary code on the affected router. When successfully exploited, the stack overflow could enable attackers to gain unauthorized access to the device's administrative functions, potentially leading to complete system compromise. The vulnerability's remote exploitability means that attackers do not require physical access to the device, making it particularly dangerous in networked environments. The router's web interface serves as the primary attack vector, where the service parameter is processed without adequate input sanitization, allowing malicious payloads to be injected and executed within the router's memory space. This scenario aligns with ATT&CK technique T1059.007, which covers scripting through web shells, and represents a significant threat to network security infrastructure.
Mitigation strategies for CVE-2022-46475 should prioritize immediate firmware updates from D-Link, as the vendor has likely released patches to address this specific stack overflow condition. Network administrators should implement network segmentation to limit exposure of affected devices and monitor for suspicious traffic patterns that might indicate exploitation attempts. The vulnerability's susceptibility to remote code execution necessitates defensive measures such as firewall rules that restrict access to the router's web interface, particularly from untrusted networks. Additionally, implementing intrusion detection systems capable of identifying malformed CGI requests targeting the service parameter can provide early warning of attempted exploitation. Security professionals should also consider disabling unnecessary services and features on the router to reduce the attack surface. The remediation process should include comprehensive network scanning to identify all affected DIR 645 devices within the organization's infrastructure, followed by systematic firmware updates to ensure all vulnerable units are properly patched. Regular security assessments of networked devices should be conducted to identify similar vulnerabilities in other network equipment, as this type of stack overflow represents a common class of weakness in embedded systems and network appliances.