CVE-2022-42160

Name of the Vulnerable Software and Affected Versions D-Link COVR versions 1200, 1202, 1203 version 1.08

Description The issue is related to a command injection vulnerability via the system time timezone parameter at the SetNTPServerSettings function. This vulnerability may allow a remote attacker to execute arbitrary commands. The vulnerability is associated with the lack of data sanitization at the management level.

Recommendations For D-Link COVR versions 1200, 1202, 1203 version 1.08, consider disabling the SetNTPServerSettings function or restricting access to the system time timezone parameter until a patch is available. Avoid using the system time timezone parameter in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.