Command Injection Vulnerability in D-Link Router Firmware
CVE-2022-48108

9.8CRITICAL

Key Information:

Vendor: D-Link
Status: Dir 878 Firmware
Vendor: CVE Published:; 27 January 2023

Summary

A command injection vulnerability has been identified in D-Link DIR-878 firmware version 1.30B08, specifically within the /SetNetworkSettings/SubnetMask component. This vulnerability allows remote attackers to execute arbitrary commands by supplying crafted input, potentially leading to escalation of privileges to the root level. Users are advised to review their router configurations and apply any available security patches to mitigate the risks associated with this vulnerability.

References

https://www.dlink.com/en/security-bulletin/

https://github.com/migraine-sudo/D_Link_Vuln/tree/main/cm...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 27, 2023
Vulnerability Reserved
Dec 29, 2022