PT-2022-5271 · D Link · D-Link Dir-816 A2
Hunzi0
·
Published
2022-10-26
·
Updated
2023-08-08
·
CVE-2022-42999
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
D-Link DIR-816 A2 version 1.10 B05
Description
The issue is related to command injection vulnerabilities. These vulnerabilities can be exploited via the
admuser and admpass parameters at the "/goform/setSysAdm" API endpoint. The vulnerability may allow a remote attacker to cause a denial of service.Recommendations
For D-Link DIR-816 A2 version 1.10 B05, consider restricting access to the "/goform/setSysAdm" API endpoint to minimize the risk of exploitation. Avoid using the
admuser and admpass parameters in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
OS Command Injection
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
D-Link Dir-816 A2