CVE-2022-34974
Published: 03 August 2022
Summary
CVE-2022-34974 is a critical-severity Command Injection (CWE-77) vulnerability in D-Link DIR-810L firmware. Its CVSS base score is 9.8 (Critical).
Operationally, it is ranked in the top 4.1% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
D-Link DIR810LA1_FW102B22 contains a command injection vulnerability in the Ping_addr function, tracked as CVE-2022-34974 with CWE-77. The flaw received a CVSS 3.1 score of 9.8, reflecting network-accessible unauthenticated exploitation that can yield full confidentiality, integrity, and availability impact on the affected router firmware.
An attacker with network reachability can supply crafted input to the Ping_addr function and execute arbitrary commands on the device without authentication or user interaction. Successful exploitation grants complete control over the router, enabling actions such as traffic interception, configuration changes, or use of the device as an entry point into connected networks.
D-Link publishes security bulletins addressing the issue, while public proof-of-concept material is available on GitHub. The EPSS score has remained at 0.2231 with no material increase since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-37875
Vulnerability details
D-Link DIR810LA1_FW102B22 was discovered to contain a command injection vulnerability via the Ping_addr function.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.