CVE-2022-34527

D-Link DSL-3782 v1.03 and below was discovered to contain a command injection vulnerability via the function byte_4C0160.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:dlink:dsl-3782_firmware:1.01:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dsl-3782_firmware:1.03:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dsl-3782:-:*:*:*:*:*:*:*

History

08 Aug 2023, 14:21

Type Values Removed Values Added
CWE CWE-77 CWE-78

05 Aug 2022, 12:53

Type Values Removed Values Added
CPE cpe:2.3:o:dlink:dsl-3782_firmware:1.01:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dsl-3782:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dsl-3782_firmware:1.03:*:*:*:*:*:*:*
CWE CWE-77
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
References (MISC) https://github.com/1160300418/Vuls/blob/main/D-Link/DSL-3782/CMDi_in_D-Link%20DSL-3782.md - (MISC) https://github.com/1160300418/Vuls/blob/main/D-Link/DSL-3782/CMDi_in_D-Link%20DSL-3782.md - Exploit, Third Party Advisory
References (MISC) https://www.dlink.com/en/security-bulletin/ - (MISC) https://www.dlink.com/en/security-bulletin/ - Vendor Advisory

29 Jul 2022, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-07-29 23:15

Updated : 2024-02-04 22:51


NVD link : CVE-2022-34527

Mitre link : CVE-2022-34527

CVE.ORG link : CVE-2022-34527


JSON object : View

Products Affected

dlink

  • dsl-3782
  • dsl-3782_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')