CVE-2022-48108
Published: 27 January 2023
Summary
CVE-2022-48108 is a critical-severity OS Command Injection (CWE-78) vulnerability in Dlink Dir 878 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, ranked in the top 4.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
D-Link DIR-878 firmware version 1.30B08 contains a command-injection flaw in the /SetNetworkSettings/SubnetMask handler. The vulnerability is tracked as CVE-2022-48108, carries a CVSS 3.1 score of 9.8, and is classified under CWE-78. An unauthenticated network attacker can supply a crafted SubnetMask value that is concatenated into a system command and executed with root privileges.
Because the affected endpoint is reachable over the network without authentication or user interaction, an attacker who can reach the router’s web interface can obtain full control of the device. Successful exploitation grants the ability to read or modify any configuration, install persistent malware, or pivot to other hosts on the LAN.
Vendor advisories and proof-of-concept details are referenced in D-Link’s security bulletin and in public repositories that demonstrate the injection payload. The EPSS score for this CVE has remained at 0.2188 since disclosure, indicating steady but not sharply increasing exploitation interest.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-50822
Vulnerability details
D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /SetNetworkSettings/SubnetMask. This vulnerability allows attackers to escalate privileges to root via a crafted payload.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.