D-Link devices DAP-2310 v2.10rc036 and earlier, DAP-2330 v1.06rc020 and earlier, DAP-2360 v2.10rc050 and earlier, DAP-2553 v3.10rc031 and earlier, DAP-2660 v1.15rc093 and earlier, DAP-2690 v3.20rc106 and earlier, DAP-2695 v1.20rc119_beta31 and earlier, DAP-3320 v1.05rc027 beta and earlier, DAP-3662 v1.05rc047 and earlier allows attackers to cause a Denial of Service (DoS) via uploading a crafted firmware after modifying the firmware header.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable yes

Technical Impact partial

Affected Vendors & Products

Vendors Products
Dlink
  • Dap-2310
  • Dap-2310 Firmware
  • Dap-2330
  • Dap-2330 Firmware
  • Dap-2360
  • Dap-2360 Firmware
  • Dap-2553
  • Dap-2553 Firmware
  • Dap-2660
  • Dap-2660 Firmware
  • Dap-2690
  • Dap-2690 Firmware
  • Dap-2695
  • Dap-2695 Firmware
  • Dap-3320
  • Dap-3320 Firmware
  • Dap-3662
  • Dap-3662 Firmware

Configuration 1 [-]

AND
cpe:2.3:o:dlink:dap-2310_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dap-2310:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:dlink:dap-2330_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dap-2330:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:dlink:dap-2360_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dap-2360:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:dlink:dap-2553_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dap-2553:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:dlink:dap-2660_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dap-2660:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:dlink:dap-2690_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dap-2690:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
OR cpe:2.3:o:dlink:dap-2695_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dap-2695_firmware:1.20rc119:beta31:*:*:*:*:*:*
cpe:2.3:h:dlink:dap-2695:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
OR cpe:2.3:o:dlink:dap-3320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dap-3320_firmware:1.05rc027:beta:*:*:*:*:*:*
cpe:2.3:h:dlink:dap-3320:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:dlink:dap-3662_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dap-3662:-:*:*:*:*:*:*:*

No data.

References
Link Providers
https://github.com/Yuhao-W/BUG--D-Link--Firmware-Update-Vulnerabilities/blob/main/README.md cve-icon cve-icon
https://www.dlink.com/en/security-bulletin/ cve-icon cve-icon
History

Thu, 17 Apr 2025 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-345
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-04-17T13:52:22.982Z

Reserved: 2022-08-29T00:00:00.000Z

Link: CVE-2022-38873

cve-icon Vulnrichment

Updated: 2024-08-03T11:02:14.746Z

cve-icon NVD

Status : Modified

Published: 2022-12-20T20:15:09.730

Modified: 2025-04-17T14:15:20.023

Link: CVE-2022-38873

cve-icon Redhat

No data.