CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2022-26258

CVSS 9.8v3.1pub. 2022-03-28upd. 2026-07-05

D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dlink Dir 820l

    HW
    Dlink
    wszystkie wersje
  • Dlink Dir 820l Firmware

    OS
    Dlink
    1.05b03

CISA KEV — detailsi

Vendori
D-Link
Producti
DIR-820L
Added to KEVi
September 8, 2022
Remediation deadline (US Federal)i
September 29, 2022(overdue)
Required action (CISA)i

The impacted product is end-of-life and should be disconnected if still in use.

CISA descriptioni

D-Link DIR-820L contains an unspecified vulnerability in Device Name parameter in /lan.asp which allows for remote code execution.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 29 września 2022
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2023-25280CRITICAL9.8⚠ KEVten sam produkt

OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to roo...

CVE-2021-45382CRITICAL9.8⚠ KEVten sam produkt

A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW...

CVE-2015-1187CRITICAL9.8⚠ KEVten sam produkt

The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the...

CVE-2024-48150CRITICAL9.8PL ✓ten sam produkt

D-Link DIR-820L: stack overflow w funkcji sub_451208

CVE-2023-44808CRITICAL9.8ten sam produkt

D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_4507CC function.