CVE-2022-1262

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-1262
A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://www.tenable.com/security/research/tra-2022-09 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:dlink:dir-1360_firmware:1.02b03:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-1360_firmware:1.03b02:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-1360_firmware:1.11b04:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-1360:a1:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:dlink:dir-1760_firmware:1.01b04:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-1760_firmware:1.11b03:beta:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-1760:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:dlink:dir-1960_firmware:1.02b01:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-1960_firmware:1.03b03:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-1960_firmware:1.11b03:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-1960:a1:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:dlink:dir-2640_firmware:1.11b02:beta:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-2640:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:o:dlink:dir-2660_firmware:1.04b03:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-2660_firmware:1.11b04:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-2660:a1:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:dlink:dir-3040_firmware:1.13b03:beta:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-3040:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
OR cpe:2.3:o:dlink:dir-3060_firmware:1.00b12:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-3060_firmware:1.11b04:beta:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-3060:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:dlink:dir-867_firmware:1.20b10:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-867:a1:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
OR cpe:2.3:o:dlink:dir-878_firmware:1.20b05:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-878_firmware:1.30b08:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-878:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:dlink:dir-882_firmware:1.20b06:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-882:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
OR cpe:2.3:o:dlink:dir-1360_firmware:1.00b15:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-1360_firmware:1.01b03:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-1360_firmware:1.11b04:beta:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-1360:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:dlink:dir-1960_firmware:1.11b03:beta:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-1960:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
OR cpe:2.3:o:dlink:dir-2640_firmware:1.01b04:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-2640_firmware:1.11b02:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-2640:a1:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
OR cpe:2.3:o:dlink:dir-2660_firmware:1.00b14:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-2660_firmware:1.01b03:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-2660_firmware:1.02b01:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-2660_firmware:1.03b04:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-2660_firmware:1.11b04:beta:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-2660:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
OR cpe:2.3:o:dlink:dir-3040_firmware:1.11b02:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-3040_firmware:1.12b01:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-3040_firmware:1.13b03:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-3040_firmware:1.20b03:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-3040:a1:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
OR cpe:2.3:o:dlink:dir-3060_firmware:1.01b07:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-3060_firmware:1.02b03:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-3060_firmware:1.11b02:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-3060_firmware:1.11b04:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-3060:a1:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
OR cpe:2.3:o:dlink:dir-867_firmware:1.10b04:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-867_firmware:1.30b07:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-867:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
OR cpe:2.3:o:dlink:dir-882_firmware:1.30b06:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-882_firmware:1.30b10:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-882:a1:*:*:*:*:*:*:*
History

18 Apr 2022, 14:31

Type Values Removed Values Added
CWE CWE-78
CVSS v2 : unknown
v3 : unknown 		v2 : 7.2
v3 : 7.8
First Time Dlink dir-1960 Firmware
Dlink dir-3040
Dlink dir-867
Dlink dir-2660
Dlink dir-1960
Dlink dir-1360 Firmware
Dlink dir-2640
Dlink
Dlink dir-3060
Dlink dir-2660 Firmware
Dlink dir-878
Dlink dir-882
Dlink dir-3060 Firmware
Dlink dir-882 Firmware
Dlink dir-867 Firmware
Dlink dir-3040 Firmware
Dlink dir-878 Firmware
Dlink dir-1760
Dlink dir-1360
Dlink dir-1760 Firmware
Dlink dir-2640 Firmware
References (MISC) https://www.tenable.com/security/research/tra-2022-09 - (MISC) https://www.tenable.com/security/research/tra-2022-09 - Exploit, Third Party Advisory
CPE cpe:2.3:o:dlink:dir-2660_firmware:1.01b03:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-3060:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-2660_firmware:1.02b01:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-2640:a1:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-2640_firmware:1.01b04:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-3060_firmware:1.02b03:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-1360_firmware:1.11b04:beta:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-1760_firmware:1.11b03:beta:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-1360_firmware:1.02b03:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-1360_firmware:1.03b02:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-3060:a1:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-3040_firmware:1.13b03:beta:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-1960_firmware:1.03b03:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-2640_firmware:1.11b02:beta:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-3040_firmware:1.12b01:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-878_firmware:1.20b05:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-1360:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-1760:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-867:a1:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-3040_firmware:1.20b03:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-3060_firmware:1.11b04:beta:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-1960:a1:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-3040_firmware:1.11b02:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-2660_firmware:1.04b03:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-882_firmware:1.20b06:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-1760_firmware:1.01b04:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-882:a1:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-3060_firmware:1.01b07:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-2640_firmware:1.11b02:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-1360:a1:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-1360_firmware:1.01b03:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-867_firmware:1.10b04:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-1960_firmware:1.02b01:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-867:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-878:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-867_firmware:1.20b10:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-3040:a1:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-3060_firmware:1.11b02:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-3060_firmware:1.00b12:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-882_firmware:1.30b10:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-3040:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-2660_firmware:1.11b04:beta:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-867_firmware:1.30b07:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-2640:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-2660:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-3060_firmware:1.11b04:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-1360_firmware:1.00b15:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-2660_firmware:1.03b04:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-1960_firmware:1.11b03:beta:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-1960_firmware:1.11b03:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-1360_firmware:1.11b04:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-882_firmware:1.30b06:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-3040_firmware:1.13b03:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-2660:a1:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-2660_firmware:1.11b04:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-882:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-878_firmware:1.30b08:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-1960:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-2660_firmware:1.00b14:*:*:*:*:*:*:*

11 Apr 2022, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2022-04-11 20:15

Updated : 2023-12-10 14:22

NVD link : CVE-2022-1262

Mitre link : CVE-2022-1262

CVE.ORG link : CVE-2022-1262

JSON object : View

Products Affected

dlink

  • dir-3060_firmware
  • dir-1960_firmware
  • dir-2660_firmware
  • dir-867
  • dir-878_firmware
  • dir-1760_firmware
  • dir-1360_firmware
  • dir-2640_firmware
  • dir-2640
  • dir-3040
  • dir-3060
  • dir-882
  • dir-882_firmware
  • dir-1360
  • dir-2660
  • dir-1960
  • dir-878
  • dir-867_firmware
  • dir-1760
  • dir-3040_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')