Vulnerability Description
On D-Link DIR-819 Firmware Version 1.06 Hardware Version A1 devices, it is possible to trigger a Denial of Service via the sys_token parameter in a cgi-bin/webproc?getpage=html/index.html request.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| D-Link | DIR-819 Firmware | 1.06 |
| D-Link | DIR-819 | A1 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/171484/D-Link-DIR-819-A1-Denial-Of-Service. (Exploit, Third Party Advisory, VDB Entry)
- https://github.com/whokilleddb/dlink-dir-819-dos (Exploit, Third Party Advisory)
- https://www.dlink.com/en/security-bulletin/ (Product)
FAQ
What is CVE-2022-40946?
CVE-2022-40946 is a vulnerability with a CVSS score of 7.5 (HIGH). On D-Link DIR-819 Firmware Version 1.06 Hardware Version A1 devices, it is possible to trigger a Denial of Service via the sys_token parameter in a cgi-bin/webproc?getpage=html/index.html request.
How severe is CVE-2022-40946?
CVE-2022-40946 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-40946?
Check the references section above for vendor advisories and patch information. Affected products include: D-Link DIR-819 Firmware, D-Link DIR-819.