A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.
References
Link | Resource |
---|---|
https://www.dlink.com/en/security-bulletin/ | Vendor Advisory |
https://github.com/EPhaha/IOT_vuln/tree/main/d-link/dir-882/2 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2022-05-10 07:15
Updated : 2022-05-16 09:45
NVD link : CVE-2022-28896
Mitre link : CVE-2022-28896
JSON object : View
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Products Affected
dlink
- dir-882
- dir-882_firmware