CVE-2022-1262

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2022-1262
A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root.

7.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://www.tenable.com/security/research/tra-2022-09 Exploit Third Party Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:dlink:dir-1360_firmware:1.02b03:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-1360_firmware:1.03b02:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-1360_firmware:1.11b04:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-1360:a1:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:dlink:dir-1760_firmware:1.01b04:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-1760_firmware:1.11b03:beta:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-1760:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:dlink:dir-1960_firmware:1.02b01:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-1960_firmware:1.03b03:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-1960_firmware:1.11b03:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-1960:a1:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:dlink:dir-2640_firmware:1.11b02:beta:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-2640:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:o:dlink:dir-2660_firmware:1.04b03:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-2660_firmware:1.11b04:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-2660:a1:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:dlink:dir-3040_firmware:1.13b03:beta:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-3040:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
OR cpe:2.3:o:dlink:dir-3060_firmware:1.00b12:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-3060_firmware:1.11b04:beta:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-3060:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:dlink:dir-867_firmware:1.20b10:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-867:a1:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
OR cpe:2.3:o:dlink:dir-878_firmware:1.20b05:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-878_firmware:1.30b08:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-878:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:dlink:dir-882_firmware:1.20b06:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-882:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
OR cpe:2.3:o:dlink:dir-1360_firmware:1.00b15:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-1360_firmware:1.01b03:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-1360_firmware:1.11b04:beta:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-1360:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:dlink:dir-1960_firmware:1.11b03:beta:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-1960:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
OR cpe:2.3:o:dlink:dir-2640_firmware:1.01b04:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-2640_firmware:1.11b02:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-2640:a1:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
OR cpe:2.3:o:dlink:dir-2660_firmware:1.00b14:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-2660_firmware:1.01b03:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-2660_firmware:1.02b01:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-2660_firmware:1.03b04:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-2660_firmware:1.11b04:beta:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-2660:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
OR cpe:2.3:o:dlink:dir-3040_firmware:1.11b02:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-3040_firmware:1.12b01:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-3040_firmware:1.13b03:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-3040_firmware:1.20b03:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-3040:a1:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
OR cpe:2.3:o:dlink:dir-3060_firmware:1.01b07:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-3060_firmware:1.02b03:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-3060_firmware:1.11b02:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-3060_firmware:1.11b04:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-3060:a1:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
OR cpe:2.3:o:dlink:dir-867_firmware:1.10b04:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-867_firmware:1.30b07:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-867:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
OR cpe:2.3:o:dlink:dir-882_firmware:1.30b06:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-882_firmware:1.30b10:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-882:a1:*:*:*:*:*:*:*
Information

Published : 2022-04-11 13:15

Updated : 2022-04-18 07:31

NVD link : CVE-2022-1262

Mitre link : CVE-2022-1262

JSON object : View

CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Advertisement

dedicated server usa
Products Affected

dlink

  • dir-1760
  • dir-1960_firmware
  • dir-1360
  • dir-1960
  • dir-2660_firmware
  • dir-2640_firmware
  • dir-867_firmware
  • dir-2660
  • dir-867
  • dir-2640
  • dir-3060_firmware
  • dir-1760_firmware
  • dir-878
  • dir-882_firmware
  • dir-878_firmware
  • dir-1360_firmware
  • dir-882
  • dir-3040
  • dir-3040_firmware
  • dir-3060