CVE-2022-42160

D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the system_time_timezone parameter at function SetNTPServerSettings.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dlink:covr_1203_firmware:1.08:*:*:*:*:*:*:*
cpe:2.3:h:dlink:covr_1203:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:dlink:covr_1202_firmware:1.08:*:*:*:*:*:*:*
cpe:2.3:h:dlink:covr_1202:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:dlink:covr_1200_firmware:1.08:*:*:*:*:*:*:*
cpe:2.3:h:dlink:covr_1200:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-10-13 19:15

Updated : 2024-02-28 19:29


NVD link : CVE-2022-42160

Mitre link : CVE-2022-42160

CVE.ORG link : CVE-2022-42160


JSON object : View

Products Affected

dlink

  • covr_1203_firmware
  • covr_1202
  • covr_1202_firmware
  • covr_1200_firmware
  • covr_1203
  • covr_1200
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')