Vulnerability Description
A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /HNAP1 requests. Before the HNAP API function can process the request, the system function executes an untrusted command that triggers the vulnerability.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dlink | Dir-823G Firmware | 1.02b03 |
| Dlink | Dir-823G | - |
Related Weaknesses (CWE)
References
- https://github.com/726232111/VulIoT/tree/main/D-Link/DIR823G%20V1.0.2B05/HNAP1
- https://github.com/RobinWang825/IoT_vuln/tree/main/D-Link/DIR-823G/2ExploitThird Party Advisory
- https://www.dlink.com/en/security-bulletin/Vendor Advisory
- https://github.com/726232111/VulIoT/tree/main/D-Link/DIR823G%20V1.0.2B05/HNAP1
- https://github.com/RobinWang825/IoT_vuln/tree/main/D-Link/DIR-823G/2ExploitThird Party Advisory
- https://www.dlink.com/en/security-bulletin/Vendor Advisory
FAQ
What is CVE-2022-44808?
CVE-2022-44808 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /...
How severe is CVE-2022-44808?
CVE-2022-44808 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-44808?
Check the references section above for vendor advisories and patch information. Affected products include: Dlink Dir-823G Firmware, Dlink Dir-823G.