CVE-2022-36786

DLINK - DSL-224 Post-auth RCE. DLINK router version 3.0.8 has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API. It is possible to inject a command through this interface that will run with ROOT permissions on the router.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dlink:dsl-224_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dsl-224:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:13

Type Values Removed Values Added
References () https://www.gov.il/en/Departments/faq/cve_advisories - Third Party Advisory () https://www.gov.il/en/Departments/faq/cve_advisories - Third Party Advisory

25 Oct 2023, 18:17

Type Values Removed Values Added
Summary DLINK - DSL-224 Post-auth PCE. DLINK router has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API. It is possible to inject a command through this interface that will run with ROOT permissions on the router. DLINK - DSL-224 Post-auth RCE. DLINK router version 3.0.8 has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API. It is possible to inject a command through this interface that will run with ROOT permissions on the router.

Information

Published : 2022-11-17 23:15

Updated : 2024-11-21 07:13


NVD link : CVE-2022-36786

Mitre link : CVE-2022-36786

CVE.ORG link : CVE-2022-36786


JSON object : View

Products Affected

dlink

  • dsl-224_firmware
  • dsl-224
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')