CVE-2022-28896: OS Command Injection
First published: Tue May 10 2022(Updated: )
A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dlink Dir-882 Firmware | =1.30b06 | |
| Dlink Dir-882 | =a1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-28896?
CVE-2022-28896 is a command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1_FW130B06 that allows attackers to escalate privileges to root via a crafted payload.
Which software versions are affected by CVE-2022-28896?
The Dlink Dir-882 Firmware version 1.30b06 is affected by CVE-2022-28896.
Is D-Link DIR-882A1 affected by CVE-2022-28896?
No, D-Link DIR-882A1 is not affected by CVE-2022-28896.
What is the severity of CVE-2022-28896?
The severity of CVE-2022-28896 is critical with a CVSS score of 9.8.
How can I mitigate the vulnerability CVE-2022-28896?
To mitigate the CVE-2022-28896 vulnerability, it is recommended to apply the latest firmware update provided by D-Link.
- collector/nvd-api
- collector/nvd-index
- vendor/dlink
- canonical/dlink dir-882 firmware
- version/dlink dir-882 firmware/1.30b06
- canonical/dlink dir-882
- version/dlink dir-882/a1