First published: Tue May 10 2022
A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Dlink Dir-882 Firmware | =1.30b06 | |
Dlink Dir-882 | =a1 | |
CVE-2022-28895 is a command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 that allows attackers to escalate privileges to root via a crafted payload.
CVE-2022-28895 has a severity rating of 9.8 (critical).
The D-Link DIR882 firmware version 1.30b06 is affected by CVE-2022-28895.
CVE-2022-28895 can be exploited by attackers using a crafted payload to execute commands and escalate privileges to root.
You can find more information about CVE-2022-28895 in the GitHub repository at https://github.com/EPhaha/IOT_vuln/tree/main/d-link/dir-882/1 and the D-Link security bulletin at https://www.dlink.com/en/security-bulletin/