CVE-2022-44808

A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /HNAP1 requests. Before the HNAP API function can process the request, the system function executes an untrusted command that triggers the vulnerability.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/726232111/VulIoT/tree/main/D-Link/DIR823G%20V1.0.2B05/HNAP1
https://github.com/RobinWang825/IoT_vuln/tree/main/D-Link/DIR-823G/2	Exploit Third Party Advisory
https://www.dlink.com/en/security-bulletin/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dlink:dir-823g_firmware:1.02b03:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-823g:-:*:*:*:*:*:*:*

History

13 Jul 2023, 16:15

Type	Values Removed	Values Added
References		(MISC) https://github.com/726232111/VulIoT/tree/main/D-Link/DIR823G%20V1.0.2B05/HNAP1 -

23 Nov 2022, 19:52

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-11-22 15:15

Updated : 2024-02-04 23:14

NVD link : CVE-2022-44808

Mitre link : CVE-2022-44808

CVE.ORG link : CVE-2022-44808

JSON object : View

Products Affected

dlink

dir-823g
dir-823g_firmware

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2022-44808", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-11-22T15:15:13.827", "references": [{"url": "https://github.com/726232111/VulIoT/tree/main/D-Link/DIR823G%20V1.0.2B05/HNAP1", "source": "cve@mitre.org"}, {"url": "https://github.com/RobinWang825/IoT_vuln/tree/main/D-Link/DIR-823G/2", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.dlink.com/en/security-bulletin/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /HNAP1 requests. Before the HNAP API function can process the request, the system function executes an untrusted command that triggers the vulnerability."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad de inyecci\u00f3n de comandos en dispositivos D-Link DIR-823G con versi\u00f3n de firmware 1.02B03 que permite a un atacante ejecutar comandos arbitrarios del sistema operativo a trav\u00e9s de solicitudes /HNAP1 bien dise\u00f1adas. Antes de que la funci\u00f3n API de HNAP pueda procesar la solicitud, la funci\u00f3n del sistema ejecuta un comando que no es de confianza que desencadena la vulnerabilidad."}], "lastModified": "2023-07-13T16:15:08.917", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-823g_firmware:1.02b03:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D25EA7A1-3406-41F7-A49A-6089BCEC6A7D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-823g:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "67B980AA-84BE-4D22-B4E7-7B2DBF571B65"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}