Command Injection Vulnerability in DIR845L Router by D-Link
CVE-2022-36756

9.8CRITICAL

Key Information:

Vendor: D-Link
Status: Dir-845l Firmware
Vendor: CVE Published:; 28 August 2022

Summary

The DIR845L A1 router, specifically versions 1.00 to 1.03, is susceptible to a command injection vulnerability through the /htdocs/upnpinc/gena.php endpoint. This weakness could allow attackers to execute arbitrary commands, potentially compromising the security of the device and the connected network. Users are urged to review their router configurations and apply any available security patches to mitigate risks.

References

https://www.dlink.com/en/security-bulletin/

x_refsource_MISC

https://drive.google.com/file/d/1S9MODTsa70LS3UPFY1ohyPJX...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 28, 2022
Vulnerability Reserved
Jul 25, 2022