CVE-2022-37130: OS Command Injection
First published: Wed Aug 31 2022(Updated: )
In D-Link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img a command injection vulnerability occurs in /goform/Diagnosis, after the condition is met, setnum will be spliced into v10 by snprintf, and the system will be executed, resulting in a command injection vulnerability
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dlink Dir-816 Firmware | =1.10cnb04 | |
| Dlink DIR-816 | =a2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this command injection vulnerability?
The vulnerability ID is CVE-2022-37130.
What is the severity level of CVE-2022-37130?
The severity level of CVE-2022-37130 is critical with a score of 9.8.
How does the command injection vulnerability occur in D-Link DIR-816 A2_v1.10CNB04?
The command injection vulnerability occurs in /goform/Diagnosis where the parameter 'setnum' is spliced into 'v10' by snprintf, allowing system execution.
What is the affected software version of D-Link DIR-816 A2_v1.10CNB04?
The affected software version of D-Link DIR-816 A2_v1.10CNB04 is 1.10cnb04.
Is D-Link DIR-816 A2 affected by this vulnerability?
No, D-Link DIR-816 A2 is not vulnerable to this command injection vulnerability.
- agent/type
- agent/weakness
- agent/last-modified-date
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/references
- agent/author
- agent/softwarecombine
- agent/tags
- agent/event
- agent/description
- collector/mitre-cve
- source/MITRE
- vendor/dlink
- canonical/dlink dir-816 firmware
- version/dlink dir-816 firmware/1.10cnb04
- canonical/dlink dir-816
- version/dlink dir-816/a2