Command Injection Vulnerability in D-Link DIR-823G Devices
CVE-2022-44808

9.8CRITICAL

Key Information:

Vendor: D-Link
Status: Dir-823g Firmware
Vendor: CVE Published:; 22 November 2022

What is CVE-2022-44808?

A command injection vulnerability has been identified in D-Link DIR-823G devices running firmware version 1.02B03. The flaw allows attackers to execute arbitrary operating system commands by exploiting improperly handled input through HNAP1 requests. The system's execution of untrusted commands without adequate validation enables this security breach, making it crucial for users to be aware of potential exploits.

References

https://www.dlink.com/en/security-bulletin/

https://github.com/RobinWang825/IoT_vuln/tree/main/D-Link...

https://github.com/726232111/VulIoT/tree/main/D-Link/DIR8...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 22, 2022
Vulnerability Reserved
Nov 7, 2022

CVE-2022-44808 Data

JSON