CVE-2022-28895
Published: 10 May 2022
Summary
CVE-2022-28895 is a critical-severity OS command injection (CWE-78) vulnerability in D-Link DIR-882 firmware. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 3.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
A command injection vulnerability tracked as CVE-2022-28895 affects the /setnetworksettings/IPAddress component of the D-Link DIR882 running firmware DIR882A1_FW130B06. The flaw is an instance of CWE-78 and received a CVSS 3.1 base score of 9.8, reflecting a network attack vector that requires neither authentication nor user interaction.
An unauthenticated attacker can submit a crafted payload to the affected endpoint and obtain root privileges on the device. Successful exploitation grants full control of the router, including the ability to alter configuration, intercept traffic, or use the device as a pivot point inside the local network.
D-Link has published security bulletins on the issue at its official security page, while technical details and proof-of-concept material appear in public repositories.
The CVE’s EPSS score reached a peak of 0.3342 and currently stands at 0.2861.
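The root cause class here (CWE-78) is an untrusted request parameter reaching a shell. The following is an added example, not D-Link's firmware code, showing the defensive pattern for an IP-address setting endpoint: the parameter is validated as a strict dotted-quad with inet_pton() and then applied through execv() with a fixed argv, so no shell ever parses it. The function names, the interface name and the /sbin/ip path are assumptions for illustration.

```c
/* Added example (not the vendor's code): strict handling of an IPAddress
 * request parameter before any privileged network configuration step. */
#include <arpa/inet.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 1 if s is exactly one dotted-quad IPv4 address, 0 otherwise.
 * inet_pton() accepts nothing but four decimal octets, so shell
 * metacharacters, whitespace, empty strings and trailing data all fail. */
int validate_ipv4(const char *s)
{
    struct in_addr addr;
    if (s == NULL || strlen(s) > 15)        /* longest form: 255.255.255.255 */
        return 0;
    return inet_pton(AF_INET, s, &addr) == 1;
}

/* Apply the address without a shell: execv() receives a fixed argv, so the
 * value is only ever a single argument, never command text. Assumed tool
 * path and interface name. Returns -1 if the address is rejected, otherwise
 * the child's exit status (127 if the tool could not be executed). */
int apply_ipv4_no_shell(const char *ifname, const char *ip)
{
    if (!validate_ipv4(ip))
        return -1;                          /* reject before any privileged action */

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *argv[] = { "/sbin/ip", "addr", "add", (char *)ip,
                         "dev", (char *)ifname, NULL };
        execv(argv[0], argv);
        _exit(127);                         /* only reached if execv() fails */
    }
    int status = 0;
    waitpid(pid, &status, 0);
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Input that is not a bare IPv4 literal is refused before fork(), which is the check to look for when reviewing any firmware handler that forwards form fields to network configuration.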
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-33330
Vulnerability details
A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.
- CWE(s): CWE-78 (OS Command Injection)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.