CVE-2022-29778

D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-On-Lan for the parameter 'descriptor' at SetVirtualServerSettings.php
References
Link Resource
https://github.com/TyeYeah/DIR-890L-1.20-RCE Exploit Third Party Advisory
https://www.dlink.com/en/security-bulletin/ Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dlink:dir-890l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-890l:-:*:*:*:*:*:*:*

History

28 Oct 2024, 21:35

Type Values Removed Values Added
CWE CWE-1052 CWE-798

01 Aug 2024, 13:42

Type Values Removed Values Added
CWE CWE-1052

07 Nov 2023, 03:46

Type Values Removed Values Added
Summary ** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-On-Lan for the parameter 'descriptor' at SetVirtualServerSettings.php. D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-On-Lan for the parameter 'descriptor' at SetVirtualServerSettings.php

Information

Published : 2022-06-03 21:15

Updated : 2024-10-28 21:35


NVD link : CVE-2022-29778

Mitre link : CVE-2022-29778

CVE.ORG link : CVE-2022-29778


JSON object : View

Products Affected

dlink

  • dir-890l
  • dir-890l_firmware
CWE
NVD-CWE-noinfo CWE-798

Use of Hard-coded Credentials