Command Injection Vulnerability in D-Link DIR-3040 Device
CVE-2022-44832

9.8CRITICAL

Key Information:

Vendor: D-Link
Status: Dir-3040 Firmware
Vendor: CVE Published:; 14 December 2022

Summary

The D-Link DIR-3040 device with firmware version 120B03 has been found to be susceptible to a command injection vulnerability. This flaw allows an attacker to execute arbitrary commands through the SetTriggerLEDBlink function, which can potentially lead to unauthorized access and manipulation of the device. Proper validation checks are essential to mitigate this security risk.

References

https://www.dlink.com/en/security-bulletin/

https://github.com/flamingo1616/iot_vuln/blob/main/D-Link...

EPSS Score

19% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 14, 2022
Vulnerability Reserved
Nov 7, 2022