CVE-2022-28956
Published: 18 May 2022
Summary
CVE-2022-28956 is a critical-severity vulnerability of unspecified weakness type in D-Link DIR-816L firmware. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 3.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
CVE-2022-28956 is an unauthenticated access vulnerability in the getcfg.php component of D-Link DIR816L_FW206b01 firmware. The flaw carries a CVSS 3.1 base score of 9.8 and is exploitable over the network without credentials or user interaction, resulting in full compromise of confidentiality, integrity, and availability.
Remote attackers can submit a crafted payload to the affected endpoint to obtain device access. Successful exploitation grants an adversary the ability to read or modify configuration data and potentially take full control of the router.
D-Link has published a security bulletin addressing the issue, while public proof-of-concept code is available on GitHub. The associated EPSS score reached a peak of 0.4091 after disclosure before settling at the current value of 0.2839, indicating that exploitation interest emerged following the initial announcement.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-33388
Vulnerability details
An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payload.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
No mitigating controls mapped yet.