Details of VAR-202204-1676

ID

VAR-202204-1676

CVE

CVE-2022-26670

TITLE

of D-Link Japan Co., Ltd. dir-878 in the firmware OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-007771

DESCRIPTION

D-Link DIR-878 has inadequate filtering for special characters in the webpage input field. An unauthenticated LAN attacker can perform command injection attack to execute arbitrary system commands to control the system or disrupt service. of D-Link Japan Co., Ltd. dir-878 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-878 is a wireless router from D-Link Company in Taiwan

Trust: 2.16

sources: NVD: CVE-2022-26670 // JVNDB: JVNDB-2022-007771 // CNVD: CNVD-2022-38533

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-38533

AFFECTED PRODUCTS

vendor:	dlink	model:	dir-878	scope:	lte	version:	1.20b05	Trust: 1.0
vendor:	ディーリンクジャパン株式会社	model:	dir-878	scope:	-	version:	-	Trust: 0.8
vendor:	ディーリンクジャパン株式会社	model:	dir-878	scope:	eq	version:	-	Trust: 0.8
vendor:	ディーリンクジャパン株式会社	model:	dir-878	scope:	lte	version:	dir-878 firmware 1.20b05 and earlier	Trust: 0.8
vendor:	d link	model:	dir-878 1.20b05	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2022-38533 // JVNDB: JVNDB-2022-007771 // NVD: CVE-2022-26670

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-26670
value:	HIGH
Trust: 1.0
twcert@cert.org.tw:	CVE-2022-26670
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-26670
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2022-38533
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202204-2603
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-26670
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2022-38533
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-26670
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2022-26670
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-38533 // JVNDB: JVNDB-2022-007771 // CNNVD: CNNVD-202204-2603 // NVD: CVE-2022-26670 // NVD: CVE-2022-26670

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.0
problemtype:	OS Command injection (CWE-78) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-007771 // NVD: CVE-2022-26670

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202204-2603

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202204-2603

PATCH

title:

Patch for D-Link DIR-878 Command Injection Vulnerability (CNVD-2022-38533)

url:

https://www.cnvd.org.cn/patchInfo/show/333361

Trust: 0.6

sources: CNVD: CNVD-2022-38533

EXTERNAL IDS

db:	NVD	id:	CVE-2022-26670	Trust: 3.8
db:	JVNDB	id:	JVNDB-2022-007771	Trust: 0.8
db:	CNVD	id:	CNVD-2022-38533	Trust: 0.6
db:	CNNVD	id:	CNNVD-202204-2603	Trust: 0.6

sources: CNVD: CNVD-2022-38533 // JVNDB: JVNDB-2022-007771 // CNNVD: CNNVD-202204-2603 // NVD: CVE-2022-26670

REFERENCES

url:	https://www.twcert.org.tw/tw/cp-132-5972-c259e-1.html	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26670	Trust: 1.4
url:	https://cxsecurity.com/cveshow/cve-2022-26670/	Trust: 0.6

sources: CNVD: CNVD-2022-38533 // JVNDB: JVNDB-2022-007771 // CNNVD: CNNVD-202204-2603 // NVD: CVE-2022-26670

SOURCES

db:	CNVD	id:	CNVD-2022-38533
db:	JVNDB	id:	JVNDB-2022-007771
db:	CNNVD	id:	CNNVD-202204-2603
db:	NVD	id:	CVE-2022-26670

LAST UPDATE DATE

2024-08-14T14:10:51.439000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-38533	date:	2022-05-20T00:00:00
db:	JVNDB	id:	JVNDB-2022-007771	date:	2023-07-20T08:14:00
db:	CNNVD	id:	CNNVD-202204-2603	date:	2022-04-15T00:00:00
db:	NVD	id:	CVE-2022-26670	date:	2022-04-14T18:37:20.093

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-38533	date:	2022-05-20T00:00:00
db:	JVNDB	id:	JVNDB-2022-007771	date:	2023-07-20T00:00:00
db:	CNNVD	id:	CNNVD-202204-2603	date:	2022-04-07T00:00:00
db:	NVD	id:	CVE-2022-26670	date:	2022-04-07T19:15:08.957