Lucene search

[email protected]CVE-2022-42161

HistoryOct 13, 2022 - 7:15 p.m.

CVE-2022-42161

2022-10-1319:15:10

CWE-77

[email protected]

web.nvd.nist.gov

d-link

covr

1200

1202

1203

v1.08

wps

command injection

vulnerability

nvd

cve-2022-42161

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

36.8%

JSON

D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the /SetTriggerWPS/PIN parameter at function SetTriggerWPS.

Affected configurations

NVD

Node

dlinkcovr_1203_firmwareMatch1.08

AND

dlinkcovr_1203Match-

Node

dlinkcovr_1202_firmwareMatch1.08

AND

dlinkcovr_1202Match-

Node

dlinkcovr_1200_firmwareMatch1.08

AND

dlinkcovr_1200Match-

CPENameOperatorVersion
dlink:covr_1203_firmwaredlink covr 1203 firmwareeq1.08

CPE	Name	Operator	Version
dlink:covr_1203_firmware	dlink covr 1203 firmware	eq	1.08

References

github.com/14isnot40/vul_discovery/blob/master/D-Link%20COVR%2012xx%20.pdf

www.dlink.com/en/security-bulletin/

Social References

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

36.8%

JSON

Related for CVE-2022-42161

prion1 nvd1 cvelist1