Cyber Resilience

CVE-2022-34974

Critical · Public PoC · RCE

Published: 03 August 2022

Modified: 03 November 2025
KEV Added
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.2231 (95.9th percentile)
Risk Priority: 33 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-34974 is a critical-severity Command Injection (CWE-77) vulnerability in D-Link DIR-810L firmware. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 4.1% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

D-Link DIR810LA1_FW102B22 contains a command injection vulnerability in the Ping_addr function, tracked as CVE-2022-34974 with CWE-77. The flaw received a CVSS 3.1 score of 9.8, reflecting network-accessible unauthenticated exploitation that can yield full confidentiality, integrity, and availability impact on the affected router firmware.

An attacker with network reachability can supply crafted input to the Ping_addr function and execute arbitrary commands on the device without authentication or user interaction. Successful exploitation grants complete control over the router, enabling actions such as traffic interception, configuration changes, or use of the device as an entry point into connected networks.

D-Link publishes security bulletins addressing the issue, while public proof-of-concept material is available on GitHub. The EPSS score has remained at 0.2231 with no material increase since disclosure.

Vulnerability details

D-Link DIR810LA1_FW102B22 was discovered to contain a command injection vulnerability via the Ping_addr function.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

dlink · dir-810l firmware · 1.02b22

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
