Lucene search

[email protected]CVE-2022-1262

HistoryApr 11, 2022 - 8:15 p.m.

CVE-2022-1262

2022-04-1120:15:18

CWE-78

[email protected]

web.nvd.nist.gov

cve-2022-1262

command injection

protest binary

remote access

arbitrary commands

root access

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.5%

JSON

A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root.

Affected configurations

NVD

Node

dlinkdir-1360Matcha1

AND

dlinkdir-1360_firmwareMatch1.02b03

dlinkdir-1360_firmwareMatch1.03b02

dlinkdir-1360_firmwareMatch1.11b04

Node

dlinkdir-1760Match-

AND

dlinkdir-1760_firmwareMatch1.01b04

dlinkdir-1760_firmwareMatch1.11b03beta

Node

dlinkdir-1960Matcha1

AND

dlinkdir-1960_firmwareMatch1.02b01

dlinkdir-1960_firmwareMatch1.03b03

dlinkdir-1960_firmwareMatch1.11b03

Node

dlinkdir-2640Match-

AND

dlinkdir-2640_firmwareMatch1.11b02beta

Node

dlinkdir-2660Matcha1

AND

dlinkdir-2660_firmwareMatch1.04b03

dlinkdir-2660_firmwareMatch1.11b04

Node

dlinkdir-3040Match-

AND

dlinkdir-3040_firmwareMatch1.13b03beta

Node

dlinkdir-3060Match-

AND

dlinkdir-3060_firmwareMatch1.00b12

dlinkdir-3060_firmwareMatch1.11b04beta

Node

dlinkdir-867Matcha1

AND

dlinkdir-867_firmwareMatch1.20b10

Node

dlinkdir-878_firmwareMatch1.20b05

dlinkdir-878_firmwareMatch1.30b08

AND

dlinkdir-878Match-

Node

dlinkdir-882_firmwareMatch1.20b06

AND

dlinkdir-882Match-

Node

dlinkdir-1360_firmwareMatch1.00b15

dlinkdir-1360_firmwareMatch1.01b03

dlinkdir-1360_firmwareMatch1.11b04beta

AND

dlinkdir-1360Match-

Node

dlinkdir-1960_firmwareMatch1.11b03beta

AND

dlinkdir-1960Match-

Node

dlinkdir-2640_firmwareMatch1.01b04

dlinkdir-2640_firmwareMatch1.11b02

AND

dlinkdir-2640Matcha1

Node

dlinkdir-2660_firmwareMatch1.00b14

dlinkdir-2660_firmwareMatch1.01b03

dlinkdir-2660_firmwareMatch1.02b01

dlinkdir-2660_firmwareMatch1.03b04

dlinkdir-2660_firmwareMatch1.11b04beta

AND

dlinkdir-2660Match-

Node

dlinkdir-3040_firmwareMatch1.11b02

dlinkdir-3040_firmwareMatch1.12b01

dlinkdir-3040_firmwareMatch1.13b03

dlinkdir-3040_firmwareMatch1.20b03

AND

dlinkdir-3040Matcha1

Node

dlinkdir-3060_firmwareMatch1.01b07

dlinkdir-3060_firmwareMatch1.02b03

dlinkdir-3060_firmwareMatch1.11b02

dlinkdir-3060_firmwareMatch1.11b04

AND

dlinkdir-3060Matcha1

Node

dlinkdir-867_firmwareMatch1.10b04

dlinkdir-867_firmwareMatch1.30b07

AND

dlinkdir-867Match-

Node

dlinkdir-882_firmwareMatch1.30b06

dlinkdir-882_firmwareMatch1.30b10

AND

dlinkdir-882Matcha1

CPENameOperatorVersion
dlink:dir-1360_firmwaredlink dir-1360 firmwareeq1.02b03
dlink:dir-1360_firmwaredlink dir-1360 firmwareeq1.03b02
dlink:dir-1360_firmwaredlink dir-1360 firmwareeq1.11b04

CPE	Name	Operator	Version
dlink:dir-1360_firmware	dlink dir-1360 firmware	eq	1.02b03
dlink:dir-1360_firmware	dlink dir-1360 firmware	eq	1.03b02
dlink:dir-1360_firmware	dlink dir-1360 firmware	eq	1.11b04

CNA Affected

[
  {
    "product": "D-Link Routers",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "DIR-1360 A1 firmware version 1.02B03, DIR-1360 A1 firmware version 1.03B02, DIR-1360 A1 firmware version 1.11B04, DIR-1360 firmware version 1.00B15, DIR-1360 firmware version 1.01B03, DIR-1760 firmware version 1.01B04, DIR-1960 A1 firmware version 1.02B01, DIR-1960 A1 firmware version 1.03B03, DIR-1960 A1 firmware version 1.11B03, DIR-2640 A1 firmware version 1.01B04, DIR-2640 A1 firmware version 1.11B02, DIR-2660 A1 firmware version 1.04B03, DIR-2660 A1 firmware version 1.11B04, DIR-2660 firmware version 1.00B14, DIR-2660 firmware version 1.01B03, DIR-2660 firmware version 1.02B01, DIR-2660 firmware version 1.03B04, DIR-3040 A1 firmware version 1.11B02, DIR-3040 A1 firmware version 1.12B01, DIR-3040 A1 firmware version 1.13B03, DIR-3040 A1 firmware version 1.20B03, DIR-3060 A1 firmware version 1.01B07, DIR-3060 A1 firmware version 1.02B03, DIR-3060 A1 firmware version 1.11B04, DIR-3060 firmware version 1.00B12, DIR-867 A1 firmware version 1.20B10, DIR-867 firmware version 1.10B04, DIR-867 fir ...[truncated*]"
      }
    ]
  }
]

References

www.tenable.com/security/research/tra-2022-09

Social References

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.5%

JSON

Related for CVE-2022-1262

cvelist1 nvd1 prion1