CVE-2022-43002: n/a in n/a
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep54_pskpwd parameter at /goform/form2WizardStep54.
AI Analysis
Technical Summary
CVE-2022-43002 is a critical stack overflow vulnerability identified in the D-Link DIR-816 A2 router firmware version 1.10 B05. The vulnerability arises from improper handling of the wizardstep54_pskpwd parameter in the /goform/form2WizardStep54 endpoint. Specifically, the parameter allows an attacker to overflow the stack by sending crafted input, which can lead to arbitrary code execution. This vulnerability is classified under CWE-787 (Out-of-bounds Write), indicating that the flaw involves writing data outside the intended buffer boundaries. The CVSS v3.1 base score of 9.8 reflects the high severity, with an attack vector of network (AV:N), no required privileges (PR:N), no user interaction (UI:N), and impacts on confidentiality, integrity, and availability (C:H/I:H/A:H). Exploitation does not require authentication or user interaction, making it highly accessible to remote attackers. Although no known exploits are currently reported in the wild, the critical nature and ease of exploitation make it a significant threat to affected devices. The lack of vendor or product details beyond the router model and firmware version suggests limited public information, but the vulnerability clearly targets a widely deployed consumer-grade router model. Successful exploitation could allow attackers to take full control of the device, intercept or manipulate network traffic, disrupt network availability, or pivot into internal networks.
Potential Impact
For European organizations, especially small and medium enterprises or home offices relying on D-Link DIR-816 A2 routers, this vulnerability poses a severe risk. Compromise of these routers can lead to unauthorized access to internal networks, interception of sensitive data, and disruption of business operations. Given the router's role as a network gateway, attackers could deploy malware, conduct man-in-the-middle attacks, or use the device as a foothold for lateral movement within corporate or home networks. The critical severity and remote exploitability without authentication increase the likelihood of attacks targeting vulnerable devices. Additionally, the potential for widespread impact exists if these routers are used in critical infrastructure or by organizations handling sensitive personal or financial data under GDPR regulations, raising compliance and reputational risks.
Mitigation Recommendations
Since no official patch or vendor advisory is currently available, European organizations should take immediate steps to mitigate risk. First, identify all D-Link DIR-816 A2 routers running firmware version 1.10 B05 within the network. If possible, isolate these devices from critical network segments or restrict access to the router management interface to trusted IP addresses only. Disable remote management features to reduce exposure. Employ network-level protections such as intrusion detection/prevention systems (IDS/IPS) with signatures targeting exploitation attempts against this vulnerability. Monitor network traffic for unusual activity related to the /goform/form2WizardStep54 endpoint. Where feasible, replace vulnerable routers with updated models or alternative devices with active vendor support. Regularly check for firmware updates from D-Link and apply patches promptly once available. Additionally, educate users about the risks and encourage strong network segmentation and use of VPNs to limit exposure.
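One way to implement the monitoring step above, as an added example that is not part of the original page: a check that flags HTTP requests to /goform/form2WizardStep54 whose wizardstep54_pskpwd value is longer than a Wi-Fi pre-shared key can be, or contains non-printable bytes. The 64-character ceiling assumes the field carries a WPA PSK; the function names and the sample requests are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

ENDPOINT = "/goform/form2WizardStep54"  # endpoint named in the advisory
PARAM = "wizardstep54_pskpwd"           # parameter named in the advisory
MAX_LEN = 64  # assumption: the field holds a WPA PSK (8-63 chars, or 64 hex digits)

def inspect_request(raw: bytes):
    """Return a finding dict for a suspicious request to ENDPOINT, else None."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(parts) != 3:
        return None  # not a well-formed HTTP request line
    method, target, _version = parts
    url = urlsplit(target)
    if url.path.lower() != ENDPOINT.lower():
        return None
    # The parameter can arrive in the query string or the form body; latin-1
    # keeps one character per decoded byte, so len() is the byte length.
    fields = parse_qsl(url.query, keep_blank_values=True, encoding="latin-1")
    fields += parse_qsl(body.decode("latin-1"), keep_blank_values=True,
                        encoding="latin-1")
    for name, value in fields:
        if name != PARAM:
            continue
        reasons = []
        if len(value) > MAX_LEN:
            reasons.append(f"length {len(value)} > {MAX_LEN}")
        if any(not 0x20 <= ord(c) <= 0x7E for c in value):
            reasons.append("non-printable bytes")
        if reasons:
            return {"method": method, "path": url.path, "reasons": reasons}
    return None

def _post(path: str, value: str) -> bytes:
    """Build a constructed sample request (not captured traffic)."""
    body = f"{PARAM}={value}".encode()
    return (f"POST {path} HTTP/1.1\r\nHost: 192.0.2.1\r\n"
            f"Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n").encode() + body

SAMPLES = [  # constructed inputs
    _post(ENDPOINT, "CorrectHorse42"),   # plausible passphrase: ignored
    _post(ENDPOINT, "A" * 300),          # oversized value: flagged
    _post(ENDPOINT, "%41" * 100),        # percent-encoded, 100 bytes decoded: flagged
    _post("/goform/other", "A" * 300),   # different endpoint: ignored
]
FINDINGS = [inspect_request(raw) for raw in SAMPLES]
```

The length is measured after percent-decoding, so an encoded value cannot slip under the threshold. The same logic can run over reverse-proxy or IDS request captures in front of the management interface.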
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2022-10-17T00:00:00.000Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682d981bc4522896dcbd9af1
Added to database: 5/21/2025, 9:08:43 AM
Last enriched: 7/5/2025, 2:54:43 PM
Last updated: 7/28/2025, 10:50:29 PM