Cyber Resilience

CVE-2022-48108

Critical · Public PoC · RCE

Published: 27 January 2023
Modified: 28 March 2025
KEV Added:
Patch:
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.2188 (95.9th percentile)
Risk Priority: 33 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-48108 is a critical-severity OS Command Injection (CWE-78) vulnerability in D-Link DIR-878 firmware. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 4.1% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

D-Link DIR-878 firmware version 1.30B08 contains a command-injection flaw in the /SetNetworkSettings/SubnetMask handler. The vulnerability is tracked as CVE-2022-48108, carries a CVSS 3.1 score of 9.8, and is classified under CWE-78. An unauthenticated network attacker can supply a crafted SubnetMask value that is concatenated into a system command and executed with root privileges.

Because the affected endpoint is reachable over the network without authentication or user interaction, an attacker who can reach the router’s web interface can obtain full control of the device. Successful exploitation grants the ability to read or modify any configuration, install persistent malware, or pivot to other hosts on the LAN.

Vendor advisories and proof-of-concept details are referenced in D-Link’s security bulletin and in public repositories that demonstrate the injection payload. The EPSS score for this CVE has remained at 0.2188 since disclosure, indicating steady but not sharply increasing exploitation interest.

EU & UK References

Vulnerability details

D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /SetNetworkSettings/SubnetMask. This vulnerability allows attackers to escalate privileges to root via a crafted payload.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: dlink
Product: dir 878 firmware
Version: 1.30b08

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-78

Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

addresses: CWE-78

Validates inputs to block special elements that would alter OS command execution.
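
The input-validation control above, applied to the SubnetMask parameter this CVE concerns, as an added example (not D-Link's code and not taken from the advisory). The function name `subnet_mask_canonical` is hypothetical, and the code assumes a POSIX libc that provides `inet_pton` and `inet_ntop`.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <string.h>

/* Added example, hypothetical names; not D-Link firmware code.
 *
 * Accepts s only if it is a dotted-quad IPv4 netmask with contiguous
 * leading 1-bits. On success writes a canonical string, rebuilt from the
 * parsed 32-bit value, into out and returns 0. Returns -1 otherwise.
 * Downstream code should use out (never s), and pass it as a single argv
 * element to an exec-style call or a native API, not into a shell string. */
int subnet_mask_canonical(const char *s, char *out, size_t outlen)
{
    struct in_addr addr;
    uint32_t mask, inv;
    size_t n;

    if (s == NULL || out == NULL || outlen < INET_ADDRSTRLEN)
        return -1;

    /* Allow-list: digits and dots only, bounded length ("0.0.0.0" to
     * "255.255.255.255"). This rejects every shell metacharacter,
     * whitespace and newline before any parsing happens. */
    n = strlen(s);
    if (n < 7 || n > 15 || strspn(s, "0123456789.") != n)
        return -1;

    /* Strict parse: exactly four decimal octets, each 0..255. */
    if (inet_pton(AF_INET, s, &addr) != 1)
        return -1;

    /* Semantic check: a netmask is 1-bits followed by 0-bits, so its
     * complement plus one must be a power of two. 0.0.0.0 is rejected
     * as not meaningful for a LAN interface. */
    mask = ntohl(addr.s_addr);
    inv = ~mask;
    if (mask == 0 || (inv & (inv + 1u)) != 0)
        return -1;

    /* Canonicalise from the binary value instead of echoing the input. */
    if (inet_ntop(AF_INET, &addr, out, (socklen_t)outlen) == NULL)
        return -1;
    return 0;
}
```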

References