CVE-2023-1245: 
vulnerability analysis and mitigation

A stack-based buffer overflow vulnerability was identified in D-Link DAP-2622 routers' DDP service, tracked as CVE-2023-35740. The vulnerability was discovered on January 20, 2023, and publicly disclosed on August 25, 2023. This security flaw affects the DDP Configuration Backup Server Address functionality in D-Link DAP-2622 routers (Zero Day Initiative).

The vulnerability stems from improper validation of user-supplied data length before copying it to a fixed-length stack-based buffer in the DDP service. The severity of this vulnerability is rated with a CVSS score of 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity. The vulnerability requires network-adjacent access but no authentication for exploitation (Zero Day Initiative).

Successful exploitation of this vulnerability allows network-adjacent attackers to execute arbitrary code with root privileges on affected D-Link DAP-2622 routers. The high CVSS score reflects the significant potential impact on the confidentiality, integrity, and availability of the affected systems (Zero Day Initiative).

D-Link has released an update to address this vulnerability. Users are advised to apply the security update available through the D-Link support portal (Zero Day Initiative).