CVE-2022-38873
HIGH
D-Link DAP-2310 Firmware < 2.10rc036 - Denial of Service via Crafted Firmware Header
Title source: llm
Description
D-Link devices DAP-2310 v2.10rc036 and earlier, DAP-2330 v1.06rc020 and earlier, DAP-2360 v2.10rc050 and earlier, DAP-2553 v3.10rc031 and earlier, DAP-2660 v1.15rc093 and earlier, DAP-2690 v3.20rc106 and earlier, DAP-2695 v1.20rc119_beta31 and earlier, DAP-3320 v1.05rc027 beta and earlier, and DAP-3662 v1.05rc047 and earlier allow attackers to cause a Denial of Service (DoS) by uploading a crafted firmware after modifying the firmware header.
References (2)
Core References
Exploit, Third Party Advisory
https://github.com/Yuhao-W/BUG--D-Link--Firmware-Update-Vulnerabilities/blob/main/README.md
Vendor Advisory
https://www.dlink.com/en/security-bulletin/
Scores
CVSS v3
7.5
EPSS
0.0049
EPSS Percentile
38.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-345
Status
published
Products (11)
dlink/dap-2310_firmware
< 2.10rc036
dlink/dap-2330_firmware
< 1.06rc020
dlink/dap-2360_firmware
< 2.10rc050
dlink/dap-2553_firmware
< 3.10rc031
dlink/dap-2660_firmware
< 1.15rc093
dlink/dap-2690_firmware
< 3.20rc106
dlink/dap-2695_firmware
1.20rc119 beta31
dlink/dap-2695_firmware
< 1.20rc119
dlink/dap-3320_firmware
1.05rc027 beta
dlink/dap-3320_firmware
< 1.05rc027
... and 1 more
Published
Dec 20, 2022
Tracked Since
Feb 18, 2026