Command Injection Vulnerability in D-Link DIR-816 Router
CVE-2022-42999

7.5HIGH

Key Information:

Vendor: D-Link
Status: Dir-816 Firmware
Vendor: CVE Published:; 26 October 2022

What is CVE-2022-42999?

The D-Link DIR-816 A2 1.10 B05 router is susceptible to command injection attacks through the admuser and admpass parameters found in the /goform/setSysAdm interface. This vulnerability allows malicious actors to execute arbitrary commands on the device, potentially leading to unauthorized access and significant compromises to network security. It is crucial for users to apply the recommended security updates to mitigate these risks and enhance the security posture of their networking equipment.

References

https://www.dlink.com/en/security-bulletin/

https://github.com/hunzi0/VulInfo/tree/main/D-Link/DIR-81...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 26, 2022
Vulnerability Reserved
Oct 17, 2022