First published: Tue May 10 2022
A command injection vulnerability in the component /SetTriggerLEDBlink/Blink of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Dlink Dir-882 Firmware | =1.30b06 | |
Dlink Dir-882 | =a1 | |
The vulnerability ID of this command injection vulnerability is CVE-2022-28901.
The severity of CVE-2022-28901 is critical with a CVSS score of 9.8.
The affected software for CVE-2022-28901 is D-Link DIR882 with firmware version 1.30b06.
An attacker can exploit this vulnerability by sending a crafted payload to the /SetTriggerLEDBlink/Blink component of the D-Link DIR882 router.
References for CVE-2022-28901 are available at the following links: [link1](https://github.com/EPhaha/IOT_vuln/tree/main/d-link/dir-882/3), [link2](https://www.dlink.com/en/security-bulletin/).