A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /HNAP1 requests. Before the HNAP API function can process the request, the system function executes an untrusted command that triggers the vulnerability.
References
Link | Resource |
---|---|
https://github.com/726232111/VulIoT/tree/main/D-Link/DIR823G%20V1.0.2B05/HNAP1 | |
https://github.com/RobinWang825/IoT_vuln/tree/main/D-Link/DIR-823G/2 | Exploit Third Party Advisory |
https://www.dlink.com/en/security-bulletin/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-11-22T00:00:00
Updated: 2023-07-13T00:00:00
Reserved: 2022-11-07T00:00:00
Link: CVE-2022-44808
JSON object: View
NVD Information
Status : Modified
Published: 2022-11-22T15:15:13.827
Modified: 2023-07-13T16:15:08.917
Link: CVE-2022-44808
JSON object: View
Redhat Information
No data.
CWE