7.8

CVE-2022-1262

Exploit

A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DlinkDir-1360 Firmware Version1.02b03
   DlinkDir-1360 Versiona1
DlinkDir-1360 Firmware Version1.03b02
   DlinkDir-1360 Versiona1
DlinkDir-1360 Firmware Version1.11b04
   DlinkDir-1360 Versiona1
DlinkDir-1760 Firmware Version1.01b04
   DlinkDir-1760 Version-
DlinkDir-1760 Firmware Version1.11b03 Updatebeta
   DlinkDir-1760 Version-
DlinkDir-1960 Firmware Version1.02b01
   DlinkDir-1960 Versiona1
DlinkDir-1960 Firmware Version1.03b03
   DlinkDir-1960 Versiona1
DlinkDir-1960 Firmware Version1.11b03
   DlinkDir-1960 Versiona1
DlinkDir-2640 Firmware Version1.11b02 Updatebeta
   DlinkDir-2640 Version-
DlinkDir-2660 Firmware Version1.04b03
   DlinkDir-2660 Versiona1
DlinkDir-2660 Firmware Version1.11b04
   DlinkDir-2660 Versiona1
DlinkDir-3040 Firmware Version1.13b03 Updatebeta
   DlinkDir-3040 Version-
DlinkDir-3060 Firmware Version1.00b12
   DlinkDir-3060 Version-
DlinkDir-3060 Firmware Version1.11b04 Updatebeta
   DlinkDir-3060 Version-
DlinkDir-867 Firmware Version1.20b10
   DlinkDir-867 Versiona1
DlinkDir-878 Firmware Version1.20b05
   DlinkDir-878 Version-
DlinkDir-878 Firmware Version1.30b08
   DlinkDir-878 Version-
DlinkDir-882 Firmware Version1.20b06
   DlinkDir-882 Version-
DlinkDir-1360 Firmware Version1.00b15
   DlinkDir-1360 Version-
DlinkDir-1360 Firmware Version1.01b03
   DlinkDir-1360 Version-
DlinkDir-1360 Firmware Version1.11b04 Updatebeta
   DlinkDir-1360 Version-
DlinkDir-1960 Firmware Version1.11b03 Updatebeta
   DlinkDir-1960 Version-
DlinkDir-2640 Firmware Version1.01b04
   DlinkDir-2640 Versiona1
DlinkDir-2640 Firmware Version1.11b02
   DlinkDir-2640 Versiona1
DlinkDir-2660 Firmware Version1.00b14
   DlinkDir-2660 Version-
DlinkDir-2660 Firmware Version1.01b03
   DlinkDir-2660 Version-
DlinkDir-2660 Firmware Version1.02b01
   DlinkDir-2660 Version-
DlinkDir-2660 Firmware Version1.03b04
   DlinkDir-2660 Version-
DlinkDir-2660 Firmware Version1.11b04 Updatebeta
   DlinkDir-2660 Version-
DlinkDir-3040 Firmware Version1.11b02
   DlinkDir-3040 Versiona1
DlinkDir-3040 Firmware Version1.12b01
   DlinkDir-3040 Versiona1
DlinkDir-3040 Firmware Version1.13b03
   DlinkDir-3040 Versiona1
DlinkDir-3040 Firmware Version1.20b03
   DlinkDir-3040 Versiona1
DlinkDir-3060 Firmware Version1.01b07
   DlinkDir-3060 Versiona1
DlinkDir-3060 Firmware Version1.02b03
   DlinkDir-3060 Versiona1
DlinkDir-3060 Firmware Version1.11b02
   DlinkDir-3060 Versiona1
DlinkDir-3060 Firmware Version1.11b04
   DlinkDir-3060 Versiona1
DlinkDir-867 Firmware Version1.10b04
   DlinkDir-867 Version-
DlinkDir-867 Firmware Version1.30b07
   DlinkDir-867 Version-
DlinkDir-882 Firmware Version1.30b06
   DlinkDir-882 Versiona1
DlinkDir-882 Firmware Version1.30b10
   DlinkDir-882 Versiona1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.62% 0.69
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.