SB2023083014 - Multiple vulnerabilities in D-Link DAP-2622
Published: August 30, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 51 secuirty vulnerabilities.
1) Stack-based buffer overflow (CVE-ID: CVE-2023-37326)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Set Wireless Info Auth Password. A remote attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
2) Stack-based buffer overflow (CVE-ID: CVE-2023-35725)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in User Verification Auth Username. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
3) Use of hard-coded credentials (CVE-ID: CVE-2023-35724)
The vulnerability allows a remote attacker to gain full access to vulnerable system.
The vulnerability exists due to presence of hard-coded credentials in application code within the CLI service. A remote unauthenticated attacker on the local network can access the affected system using the hard-coded credentials.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
4) Stack-based buffer overflow (CVE-ID: CVE-2023-35726)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in User Verification Auth Password. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
5) Stack-based buffer overflow (CVE-ID: CVE-2023-35727)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Reboot Auth Username. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
6) Stack-based buffer overflow (CVE-ID: CVE-2023-35728)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Reboot Auth Password. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
7) Stack-based buffer overflow (CVE-ID: CVE-2023-35729)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Reset Auth Username. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
8) Stack-based buffer overflow (CVE-ID: CVE-2023-35730)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Reset Auth Password. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
9) Stack-based buffer overflow (CVE-ID: CVE-2023-35731)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Reset Factory Auth Username. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
10) Stack-based buffer overflow (CVE-ID: CVE-2023-35732)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Reset Factory Auth Password. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
11) Stack-based buffer overflow (CVE-ID: CVE-2023-35733)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Change ID Password Auth Username. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
12) Stack-based buffer overflow (CVE-ID: CVE-2023-35735)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Change ID Password New Username. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
13) Stack-based buffer overflow (CVE-ID: CVE-2023-35736)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Change ID Password New Password. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
14) Stack-based buffer overflow (CVE-ID: CVE-2023-35737)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Configuration Backup Auth Username. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
15) Stack-based buffer overflow (CVE-ID: CVE-2023-35738)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Configuration Backup Auth Password. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
16) Stack-based buffer overflow (CVE-ID: CVE-2023-35739)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Configuration Backup Server IPv6 Address. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
17) Stack-based buffer overflow (CVE-ID: CVE-2023-35740)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Configuration Backup Server. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
18) Stack-based buffer overflow (CVE-ID: CVE-2023-35741)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Configuration Backup Filename. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
19) Stack-based buffer overflow (CVE-ID: CVE-2023-35742)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Configuration Restore Auth Username. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
20) Stack-based buffer overflow (CVE-ID: CVE-2023-35743)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Configuration Restore Auth Password. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
21) Stack-based buffer overflow (CVE-ID: CVE-2023-35744)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Configuration Restore Server IPv6 Address. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
22) Stack-based buffer overflow (CVE-ID: CVE-2023-35745)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Configuration Restore Filename. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
23) Stack-based buffer overflow (CVE-ID: CVE-2023-35746)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Upgrade Auth Username. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
24) Stack-based buffer overflow (CVE-ID: CVE-2023-35747)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Firmware Upgrade Auth Password. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
25) Stack-based buffer overflow (CVE-ID: CVE-2023-35748)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Firmware Upgrade Server IPv6 Address. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
26) Stack-based buffer overflow (CVE-ID: CVE-2023-35748)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Firmware Upgrade Filename. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
27) Information disclosure (CVE-ID: CVE-2023-35750)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application within the DDP service. A remote attacker on the local network can gain unauthorized access to sensitive information on the system.
28) Stack-based buffer overflow (CVE-ID: CVE-2023-35751)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Set AG Profile Auth Username. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
29) Stack-based buffer overflow (CVE-ID: CVE-2023-35752)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Set AG Profile Auth Password. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
30) Stack-based buffer overflow (CVE-ID: CVE-2023-35753)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Set AG Profile UUID. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
31) Stack-based buffer overflow (CVE-ID: CVE-2023-35754)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Set AG Profile NMS URL. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
32) Stack-based buffer overflow (CVE-ID: CVE-2023-35755)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Set Date-Time Auth Username. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
33) Stack-based buffer overflow (CVE-ID: CVE-2023-35756)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Set Date-Time Auth Password. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
34) Stack-based buffer overflow (CVE-ID: N/A)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in et Date-Time NTP Server. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
35) Stack-based buffer overflow (CVE-ID: CVE-2023-35758)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Set Date-Time. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
36) Stack-based buffer overflow (CVE-ID: CVE-2023-37310)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Set Device Info Auth Username. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
37) Stack-based buffer overflow (CVE-ID: CVE-2023-37311)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Set Device Info Auth Password. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
38) Stack-based buffer overflow (CVE-ID: CVE-2023-37313)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Set IPv4 Address Auth Username. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
39) Stack-based buffer overflow (CVE-ID: CVE-2023-37312)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Set Device Info Device Name. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
40) Stack-based buffer overflow (CVE-ID: CVE-2023-37314)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Set IPv6 Address Auth Username. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
41) Stack-based buffer overflow (CVE-ID: CVE-2023-37315)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Set IPv6 Address Auth Password. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
42) Stack-based buffer overflow (CVE-ID: CVE-2023-37316)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Set IPv6 Address Default Gateway. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
43) Stack-based buffer overflow (CVE-ID: CVE-2023-37317)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Set IPv6 Address Primary DNS. A remote attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
44) Stack-based buffer overflow (CVE-ID: CVE-2023-37318)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Set IPv6 Address Secondary DNS. A remote attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
45) Stack-based buffer overflow (CVE-ID: CVE-2023-37319)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Set IPv6 Address. A remote attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
46) Stack-based buffer overflow (CVE-ID: CVE-2023-37320)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Set SSID List SSID Name. A remote attacker con the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
47) Stack-based buffer overflow (CVE-ID: CVE-2023-37321)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in List RADIUS Secret. A remote attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
48) Stack-based buffer overflow (CVE-ID: CVE-2023-37322)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Set SSID List RADIUS Server. A remote attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
49) Stack-based buffer overflow (CVE-ID: CVE-2023-37323)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Set SSID List PSK. A remote attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
50) Stack-based buffer overflow (CVE-ID: CVE-2023-37324)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DDP service in Set Wireless Info Auth Username. A remote attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
51) Improper Authentication (CVE-ID: N/A)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in when processing authentication requests within the DDP service in Set SSID List. A remote attacker on the local network can bypass authentication process and manipulate wireless authentication settings.
Remediation
Install update from vendor's website.
References
- https://www.zerodayinitiative.com/advisories/ZDI-23-1279/
- https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10349
- https://www.zerodayinitiative.com/advisories/ZDI-23-1231/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1230/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1232/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1233/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1234/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1235/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1236/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1237/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1238/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1239/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1240/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1241/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1242/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1243/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1244/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1245/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1246/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1247/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1248/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1249/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1250/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1251/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1252/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1253/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1254/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1255/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1256/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1257/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1258/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1259/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1260/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1261/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1262/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1263/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1264/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1265/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1267/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1266/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1268/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1269/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1270/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1271/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1272/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1273/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1274/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1275/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1276/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1277/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1278/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1280/