CVE-2022-48107

Name of the Vulnerable Software and Affected Versions D-Link DIR-878 version 1.30B08

Description A command injection issue was found in the /setnetworksettings/IPAddress component, allowing attackers to escalate privileges to root by sending a crafted payload.

Recommendations For version 1.30B08, consider restricting access to the /setnetworksettings/IPAddress endpoint until a patch is available. As a temporary workaround, avoid using the IPAddress component in the setnetworksettings API to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.