PT-2022-5278 · D Link · D-Link Covr
Published
2022-10-13
·
Updated
2022-10-18
·
CVE-2022-42156
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
D-Link COVR versions 1200, 1202, 1203 v1.08
Description
The issue is related to a command injection vulnerability in the SetNetworkTomographySettings function. This vulnerability can be exploited via the
tomography ping number parameter, allowing a remote attacker to execute arbitrary commands. The vulnerability is due to the lack of data sanitization at the management level.Recommendations
For D-Link COVR 1200, 1202, 1203 v1.08, consider disabling the
SetNetworkTomographySettings function or restricting access to the tomography ping number parameter until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
D-Link Covr