Overview
- Description
- Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
Known exploits
Data from CISA
- Vulnerability name
- D-Link Multiple Routers Command Injection Vulnerability
- Exploit added on
- Mar 25, 2022
- Exploit action due
- Apr 15, 2022
- Required action
- The impacted product is end-of-life and should be disconnected if still in use.
Weaknesses
- nvd@nist.gov
- CWE-78
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-655_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "525853B4-1C30-4D96-AD4F-26FD77469B33",
"versionEndIncluding": "3.02b05"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-655:cx:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "8F90F9E0-0F90-4AFD-868C-370882C47248"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-866l_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EA174575-0468-4AB1-A504-B5AA559D3219",
"versionEndIncluding": "1.03b04"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-866l:ax:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "52177D2B-D7F8-4351-A169-FDF6A5FBF44D"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-652_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1147272F-0F23-4606-A84E-CA971414C65B"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-652:ax:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "2E4D52D3-71FD-4D29-881A-393B35F3DB65"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dhp-1565_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "369D2C8E-89F1-4E03-8DA0-BA2DB1245569",
"versionEndIncluding": "1.01"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dhp-1565:ax:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "BAFB86EA-966B-4DB3-9B81-198878D76573"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-855l_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "239F0015-2834-4DBB-B115-58871D0FF764"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-855l:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "7EB62BC4-69BC-40D7-A8E7-F5728B827250"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dap-1533_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB7D656D-47B5-4269-A155-741D60F818CD"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dap-1533:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "0D3E4627-940F-4859-BC67-B6229BC0AFD8"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-862l_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "380A4761-5474-4F52-A4EE-62844D5EE82C"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-862l:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "0552E33F-BB39-4701-B91A-1DB33992505C"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-615_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8C55E6D4-820D-469F-A343-635A621C0D7C"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-615:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "2E92E959-C211-4979-A233-163BEFCF6F0D"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-835_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FCFE0993-C19A-4C60-B8C6-E549D748537A"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-835:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "D1B91013-E79E-4076-916D-D52D6E417EA7"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-825_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EEC49DA6-D1F4-4A2A-904E-907356F3C804"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-825:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "7038F8A9-03F3-4442-B371-84801EF05447"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]