Cyber Resilience

CVE-2022-28895

Critical · Public PoC · RCE

Published: 10 May 2022

Modified: 21 November 2024
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.2861 (96.6th percentile)
Risk Priority: 37 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-28895 is a critical-severity OS Command Injection (CWE-78) vulnerability in D-Link DIR-882 firmware. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 3.4% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

A command injection vulnerability tracked as CVE-2022-28895 affects the /setnetworksettings/IPAddress component of D-Link DIR882 running firmware DIR882A1_FW130B06. The flaw is an instance of CWE-78 and received a CVSS 3.1 base score of 9.8, reflecting a network-accessible attack vector that requires no authentication or user interaction.

An unauthenticated attacker can submit a crafted payload to the affected endpoint and obtain root privileges on the device. Successful exploitation grants full control of the router, including the ability to alter configuration, intercept traffic, or use the device as a pivot point inside the local network.

D-Link has published security bulletins on the issue at its official security page, and technical details and proof-of-concept material appear in public repositories.

The CVE’s EPSS score reached a peak of 0.3342 and currently stands at 0.2861.

Vulnerability details

A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: dlink
Product: dir-882 firmware
Version: 1.30b06

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-78

Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

addresses: CWE-78

Validates inputs to block special elements that would alter OS command execution.
