CVE-2022-28901: OS Command Injection
First published: Tue May 10 2022(Updated: )
A command injection vulnerability in the component /SetTriggerLEDBlink/Blink of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dlink Dir-882 Firmware | =1.30b06 | |
| Dlink Dir-882 | =a1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this command injection vulnerability?
The vulnerability ID of this command injection vulnerability is CVE-2022-28901.
What is the severity of CVE-2022-28901?
The severity of CVE-2022-28901 is critical with a CVSS score of 9.8.
What is the affected software for CVE-2022-28901?
The affected software for CVE-2022-28901 is D-Link DIR882 with firmware version 1.30b06.
How can an attacker exploit this vulnerability?
An attacker can exploit this vulnerability by sending a crafted payload to the /SetTriggerLEDBlink/Blink component of the D-Link DIR882 router.
Are there any references available for CVE-2022-28901?
Yes, you can find references for CVE-2022-28901 at the following links: [link1](https://github.com/EPhaha/IOT_vuln/tree/main/d-link/dir-882/3), [link2](https://www.dlink.com/en/security-bulletin/).
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-api
- collector/nvd-index
- vendor/dlink
- canonical/dlink dir-882 firmware
- version/dlink dir-882 firmware/1.30b06
- canonical/dlink dir-882
- version/dlink dir-882/a1