CVE-2022-44929 is a critical access control vulnerability identified in the D-Link DVG-G5402SP device, specifically in its GE_1.03 firmware version. This vulnerability allows unauthenticated attackers to escalate privileges by arbitrarily editing VoIP SIB (Subscriber Information Base) profiles. The core issue stems from improper access control mechanisms (classified under CWE-276: Incorrect Default Permissions) that fail to restrict unauthorized modification of sensitive VoIP configuration data. Exploiting this flaw requires no authentication or user interaction, and can be performed remotely over the network (AV:N). The vulnerability impacts confidentiality, integrity, and availability, as attackers can manipulate VoIP profiles to intercept, redirect, or disrupt voice communications, potentially gaining administrative control over the device. The CVSS v3.1 base score is 9.8, reflecting the ease of exploitation and the severe impact on system security. Although no public exploits have been reported in the wild yet, the high severity and straightforward exploitation vector make this a significant threat to organizations using the affected D-Link device for VoIP services.

For European organizations, especially those relying on D-Link DVG-G5402SP devices for VoIP telephony infrastructure, this vulnerability poses a substantial risk. Successful exploitation could lead to unauthorized access to internal voice communications, enabling eavesdropping, call interception, or manipulation of call routing. This compromises confidentiality and could facilitate further lateral movement within corporate networks. Integrity of communication is also at risk, as attackers could alter VoIP configurations to disrupt services or inject malicious payloads. Availability may be impacted through denial-of-service conditions caused by misconfigured or corrupted VoIP profiles. Critical sectors such as finance, government, healthcare, and telecommunications in Europe that depend on secure voice communications could face operational disruptions, data breaches, and regulatory compliance violations (e.g., GDPR). The lack of authentication requirement and remote exploitability increases the attack surface, making this vulnerability particularly dangerous in environments with exposed or poorly segmented network infrastructure.

1. Immediate network segmentation: Isolate D-Link DVG-G5402SP devices on dedicated VLANs with strict access controls to limit exposure to untrusted networks. 2. Restrict management interfaces: Disable or restrict remote management access to trusted IP addresses only, preferably via VPN or secure management channels. 3. Monitor network traffic for anomalous VoIP profile modification attempts using IDS/IPS solutions with custom signatures targeting unauthorized SIB profile edits. 4. Implement strict firewall rules to block unauthorized inbound traffic to the device's management and VoIP configuration ports. 5. Regularly audit device configurations and logs to detect unauthorized changes promptly. 6. Engage with D-Link support or authorized vendors to obtain firmware updates or patches addressing this vulnerability; if unavailable, consider device replacement or alternative secure VoIP solutions. 7. Educate IT staff on the risks and signs of exploitation related to this vulnerability to enhance incident detection and response capabilities.