Cyber Resilience

CVE-2022-28956

Critical · Public PoC

Published: 18 May 2022

Modified: 21 November 2024
KEV Added: not listed
Patch
CVSS Score (v3.1): 9.8 (vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.2839 (96.6th percentile)
Risk Priority: 37 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-28956 is a critical-severity vulnerability of unspecified weakness type in D-Link DIR-816L firmware. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 3.4% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

CVE-2022-28956 is an unauthenticated access vulnerability in the getcfg.php component of D-Link DIR816L_FW206b01 firmware. The flaw carries a CVSS 3.1 base score of 9.8: it is exploitable over the network without credentials or user interaction, and successful exploitation results in full compromise of confidentiality, integrity, and availability.

Remote attackers can submit a crafted payload to the affected endpoint to obtain device access. Successful exploitation grants an adversary the ability to read or modify configuration data and potentially take full control of the router.

D-Link has published a security bulletin addressing the issue, and public proof-of-concept code is available on GitHub. The associated EPSS score peaked at 0.4091 after disclosure before settling at the current value of 0.2839, indicating that exploitation interest emerged following the initial announcement.

EU & UK References

Vulnerability details

An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payload.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: dlink
Product: dir-816l firmware
Version: 206b01

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References