CVE-2022-28895: OS Command Injection
First published: Tue May 10 2022(Updated: )
A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dlink Dir-882 Firmware | =1.30b06 | |
| Dlink Dir-882 | =a1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-28895?
CVE-2022-28895 is a command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 that allows attackers to escalate privileges to root via a crafted payload.
How severe is CVE-2022-28895?
CVE-2022-28895 has a severity rating of 9.8 (critical).
Which software versions are affected by CVE-2022-28895?
The D-Link DIR882 firmware version 1.30b06 is affected by CVE-2022-28895.
How can the CVE-2022-28895 vulnerability be exploited?
CVE-2022-28895 can be exploited by attackers using a crafted payload to execute commands and escalate privileges to root.
Where can I find more information about CVE-2022-28895?
You can find more information about CVE-2022-28895 in the GitHub repository at https://github.com/EPhaha/IOT_vuln/tree/main/d-link/dir-882/1 and the D-Link security bulletin at https://www.dlink.com/en/security-bulletin/
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-api
- collector/nvd-index
- vendor/dlink
- canonical/dlink dir-882 firmware
- version/dlink dir-882 firmware/1.30b06
- canonical/dlink dir-882
- version/dlink dir-882/a1