CVE-2022-1262
High · Public PoC
- Published: 11 April 2022
- Modified: 21 November 2024
- KEV Added: —
- Patch: —
- CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
- EPSS Score: 0.0118 (79.2th percentile)
- Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)
Summary
CVE-2022-1262 is a high-severity OS Command Injection (CWE-78) vulnerability in D-Link DIR-2660 firmware. Its CVSS base score is 7.8 (High).
Operationally, it is ranked in the top 20.8% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-24595
Vulnerability details
A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root.
- CWE(s): CWE-78 (OS Command Injection)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
- dlink dir-1360 firmware: 1.00b15, 1.01b03, 1.02b03, 1.03b02, 1.11b04
- dlink dir-1760 firmware: 1.01b04, 1.11b03
- dlink dir-1960 firmware: 1.02b01, 1.03b03, 1.11b03
- dlink dir-2640 firmware: 1.01b04, 1.11b02
- dlink dir-2660 firmware: 1.00b14, 1.01b03, 1.02b01, 1.03b04, 1.04b03
- dlink dir-3040 firmware: 1.11b02, 1.12b01, 1.13b03, 1.20b03
- dlink dir-3060 firmware: 1.00b12, 1.01b07, 1.02b03, 1.11b02, 1.11b04
- dlink dir-867 firmware: 1.10b04, 1.20b10, 1.30b07
- dlink dir-878 firmware: 1.20b05, 1.30b08
- dlink dir-882 firmware: 1.20b06, 1.30b06, 1.30b10
Mitigating Controls
Likely Mitigating Controls (AI)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.