CVE-2022-26258
In short
A vulnerability in D-Link DIR-820L router version 1.05B03 allows attackers to execute arbitrary commands remotely through an unprotected HTTP POST request, potentially giving them full control of the device.
Technical detail
D-Link DIR-820L 1.05B03 contains a remote command injection vulnerability that is reachable via HTTP POST to the 'get_set_ccp' endpoint without proper input validation or authentication. An attacker can inject OS commands that execute with device privileges, leading to complete system compromise.
Summary generated and translated by AI from the official description.
D-Link DIR-820L 1.05B03 was discovered to contain a remote command execution (RCE) vulnerability via HTTP POST to get set ccp.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
References
http://dir-820l.com
http://dlink.com
https://github.com/skyedai910/Vuln/tree/master/DIR-820L/command_execution_0
https://github.com/zhizhuoshuma/cve_info_data/blob/ccaed4b94ba762eb8a8e003bfa762a7754b8182e/Vuln/Vuln/DIR-820L/command_execution_0/README.md
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-26258
https://www.dlink.com/en/security-bulletin/