CVE-2022-1262

Published: Apr 11, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root.

Affected (41)

Products: Dlink: Dir 1360 Firmware, Dir 1760 Firmware, Dir 1960 Firmware, Dir 2640 Firmware, Dir 2660 Firmware, Dir 3040 Firmware, Dir 3060 Firmware, Dir 867 Firmware, Dir 878 Firmware, Dir 882 Firmware

10 products

Configuration A

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 1360 Firmware	Version 1.02b03
Dlink Dir 1360 Firmware	Version 1.03b02
Dlink Dir 1360 Firmware	Version 1.11b04

Running on/with	Platform Versions
Dlink Dir 1360	Version a1

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 1760 Firmware	Version 1.01b04
Dlink Dir 1760 Firmware	Version 1.11b03 beta

Running on/with	Platform Versions
Dlink Dir 1760	All versions

Configuration C

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 1960 Firmware	Version 1.02b01
Dlink Dir 1960 Firmware	Version 1.03b03
Dlink Dir 1960 Firmware	Version 1.11b03

Running on/with	Platform Versions
Dlink Dir 1960	Version a1

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 2640 Firmware	Version 1.11b02 beta

Running on/with	Platform Versions
Dlink Dir 2640	All versions

Configuration E

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 2660 Firmware	Version 1.04b03
Dlink Dir 2660 Firmware	Version 1.11b04

Running on/with	Platform Versions
Dlink Dir 2660	Version a1

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 3040 Firmware	Version 1.13b03 beta

Running on/with	Platform Versions
Dlink Dir 3040	All versions

Configuration G

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 3060 Firmware	Version 1.00b12
Dlink Dir 3060 Firmware	Version 1.11b04 beta

Running on/with	Platform Versions
Dlink Dir 3060	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 867 Firmware	Version 1.20b10

Running on/with	Platform Versions
Dlink Dir 867	Version a1

Configuration I

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 878 Firmware	Version 1.20b05
Dlink Dir 878 Firmware	Version 1.30b08

Running on/with	Platform Versions
Dlink Dir 878	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 882 Firmware	Version 1.20b06

Running on/with	Platform Versions
Dlink Dir 882	All versions

Configuration K

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 1360 Firmware	Version 1.00b15
Dlink Dir 1360 Firmware	Version 1.01b03
Dlink Dir 1360 Firmware	Version 1.11b04 beta

Running on/with	Platform Versions
Dlink Dir 1360	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 1960 Firmware	Version 1.11b03 beta

Running on/with	Platform Versions
Dlink Dir 1960	All versions

Configuration M

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 2640 Firmware	Version 1.01b04
Dlink Dir 2640 Firmware	Version 1.11b02

Running on/with	Platform Versions
Dlink Dir 2640	Version a1

Configuration N

5 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 2660 Firmware	Version 1.00b14
Dlink Dir 2660 Firmware	Version 1.01b03
Dlink Dir 2660 Firmware	Version 1.02b01
Dlink Dir 2660 Firmware	Version 1.03b04
Dlink Dir 2660 Firmware	Version 1.11b04 beta

Running on/with	Platform Versions
Dlink Dir 2660	All versions

Configuration O

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 3040 Firmware	Version 1.11b02
Dlink Dir 3040 Firmware	Version 1.12b01
Dlink Dir 3040 Firmware	Version 1.13b03
Dlink Dir 3040 Firmware	Version 1.20b03

Running on/with	Platform Versions
Dlink Dir 3040	Version a1

Configuration P

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 3060 Firmware	Version 1.01b07
Dlink Dir 3060 Firmware	Version 1.02b03
Dlink Dir 3060 Firmware	Version 1.11b02
Dlink Dir 3060 Firmware	Version 1.11b04

Running on/with	Platform Versions
Dlink Dir 3060	Version a1

Configuration Q

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 867 Firmware	Version 1.10b04
Dlink Dir 867 Firmware	Version 1.30b07

Running on/with	Platform Versions
Dlink Dir 867	All versions

Configuration R

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 882 Firmware	Version 1.30b06
Dlink Dir 882 Firmware	Version 1.30b10

Running on/with	Platform Versions
Dlink Dir 882	Version a1

Related CWEs

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (2)

https://www.tenable.com/security/research/tra-2022-09

Source: vulnreport@tenable.com

ExploitThird Party Advisory

https://www.tenable.com/security/research/tra-2022-09

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.