CVE-2022-29332

Published: May 17, 2022Modified: Jun 17, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

D-LINK DIR-825 AC1200 R2 is vulnerable to Directory Traversal. An attacker could use the "../../../../" setting of the FTP server folder to set the router's root folder for FTP access. This allows you to access the entire router file system via the FTP server.

Affected (1)

Products: Dlink: Dir 825 Firmware

1 product

Dir 825 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 825 Firmware	Version 2022.01.13-13.48

Running on/with	Platform Versions
Dlink Dir 825	Version r2

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (2)

https://github.com/Quadron-Research-Lab/Hardware-IoT/blob/main/d-link_dir-825_R2.pdf

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/Quadron-Research-Lab/Hardware-IoT/blob/main/d-link_dir-825_R2.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.