CVE-2022-37133

D-link DIR-816 A2_v1.10CNB04.img reboots the router without authentication via /goform/doReboot. No authentication is required, and reboot is executed when the function returns at the end.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dlink:dir-816_firmware:1.10cnb04:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-816:a2:*:*:*:*:*:*:*

History

24 Aug 2022, 15:57

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CWE CWE-404
References (MISC) https://github.com/z1r00/IOT_Vul/blob/main/dlink/Dir816/doReboot/readme.md - (MISC) https://github.com/z1r00/IOT_Vul/blob/main/dlink/Dir816/doReboot/readme.md - Exploit, Third Party Advisory
References (MISC) https://www.dlink.com/en/security-bulletin/ - (MISC) https://www.dlink.com/en/security-bulletin/ - Vendor Advisory
CPE cpe:2.3:o:dlink:dir-816_firmware:1.10cnb04:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-816:a2:*:*:*:*:*:*:*

22 Aug 2022, 16:35

Type Values Removed Values Added
New CVE

Information

Published : 2022-08-22 15:15

Updated : 2024-02-04 22:51


NVD link : CVE-2022-37133

Mitre link : CVE-2022-37133

CVE.ORG link : CVE-2022-37133


JSON object : View

Products Affected

dlink

  • dir-816_firmware
  • dir-816
CWE
CWE-404

Improper Resource Shutdown or Release