CVE-2022-1262

A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root.
References
Link Resource
https://www.tenable.com/security/research/tra-2022-09 Exploit Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:dlink:dir-1360_firmware:1.02b03:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-1360_firmware:1.03b02:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-1360_firmware:1.11b04:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-1360:a1:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:dlink:dir-1760_firmware:1.01b04:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-1760_firmware:1.11b03:beta:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-1760:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:dlink:dir-1960_firmware:1.02b01:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-1960_firmware:1.03b03:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-1960_firmware:1.11b03:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-1960:a1:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:dlink:dir-2640_firmware:1.11b02:beta:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-2640:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:o:dlink:dir-2660_firmware:1.04b03:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-2660_firmware:1.11b04:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-2660:a1:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:dlink:dir-3040_firmware:1.13b03:beta:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-3040:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
OR cpe:2.3:o:dlink:dir-3060_firmware:1.00b12:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-3060_firmware:1.11b04:beta:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-3060:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:dlink:dir-867_firmware:1.20b10:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-867:a1:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
OR cpe:2.3:o:dlink:dir-878_firmware:1.20b05:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-878_firmware:1.30b08:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-878:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:dlink:dir-882_firmware:1.20b06:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-882:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
OR cpe:2.3:o:dlink:dir-1360_firmware:1.00b15:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-1360_firmware:1.01b03:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-1360_firmware:1.11b04:beta:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-1360:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:dlink:dir-1960_firmware:1.11b03:beta:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-1960:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
OR cpe:2.3:o:dlink:dir-2640_firmware:1.01b04:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-2640_firmware:1.11b02:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-2640:a1:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
OR cpe:2.3:o:dlink:dir-2660_firmware:1.00b14:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-2660_firmware:1.01b03:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-2660_firmware:1.02b01:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-2660_firmware:1.03b04:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-2660_firmware:1.11b04:beta:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-2660:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
OR cpe:2.3:o:dlink:dir-3040_firmware:1.11b02:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-3040_firmware:1.12b01:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-3040_firmware:1.13b03:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-3040_firmware:1.20b03:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-3040:a1:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
OR cpe:2.3:o:dlink:dir-3060_firmware:1.01b07:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-3060_firmware:1.02b03:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-3060_firmware:1.11b02:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-3060_firmware:1.11b04:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-3060:a1:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
OR cpe:2.3:o:dlink:dir-867_firmware:1.10b04:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-867_firmware:1.30b07:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-867:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
OR cpe:2.3:o:dlink:dir-882_firmware:1.30b06:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-882_firmware:1.30b10:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-882:a1:*:*:*:*:*:*:*

Information

Published : 2022-04-11 13:15

Updated : 2022-04-18 07:31


NVD link : CVE-2022-1262

Mitre link : CVE-2022-1262


JSON object : View

CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Advertisement

dedicated server usa

Products Affected

dlink

  • dir-1760
  • dir-1960_firmware
  • dir-1360
  • dir-1960
  • dir-2660_firmware
  • dir-2640_firmware
  • dir-867_firmware
  • dir-2660
  • dir-867
  • dir-2640
  • dir-3060_firmware
  • dir-1760_firmware
  • dir-878
  • dir-882_firmware
  • dir-878_firmware
  • dir-1360_firmware
  • dir-882
  • dir-3040
  • dir-3040_firmware
  • dir-3060