CVE-2022-27631 - A memory corruption vulnerability exists in the httpd unescape functionality of DD-WRT Revision 3227

CVE-2022-27631

Summary

A memory corruption vulnerability exists in the httpd unescape functionality of DD-WRT Revision 32270 - Revision 48599. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.

References

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1510

Vulnerable Configurations

cpe:2.3:o:dd-wrt:dd-wrt:*:*:*:*:*:*:*:*
cpe:2.3:o:dd-wrt:dd-wrt:*:*:*:*:*:*:*:*

CVSS

Base:	None
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

02-12-2022 - 20:12

Published

05-08-2022 - 22:15

Last modified

02-12-2022 - 20:12