ID

VAR-202204-1676


CVE

CVE-2022-26670


TITLE

of D-Link Japan Co., Ltd.  dir-878  in the firmware  OS  Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-007771

DESCRIPTION

D-Link DIR-878 has inadequate filtering for special characters in the webpage input field. An unauthenticated LAN attacker can perform command injection attack to execute arbitrary system commands to control the system or disrupt service. of D-Link Japan Co., Ltd. dir-878 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-878 is a wireless router from D-Link Company in Taiwan

Trust: 2.16

sources: NVD: CVE-2022-26670 // JVNDB: JVNDB-2022-007771 // CNVD: CNVD-2022-38533

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-38533

AFFECTED PRODUCTS

vendor:dlinkmodel:dir-878scope:lteversion:1.20b05

Trust: 1.0

vendor:ディーリンクジャパン株式会社model:dir-878scope: - version: -

Trust: 0.8

vendor:ディーリンクジャパン株式会社model:dir-878scope:eqversion: -

Trust: 0.8

vendor:ディーリンクジャパン株式会社model:dir-878scope:lteversion:dir-878 firmware 1.20b05 and earlier

Trust: 0.8

vendor:d linkmodel:dir-878 1.20b05scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2022-38533 // JVNDB: JVNDB-2022-007771 // NVD: CVE-2022-26670

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-26670
value: HIGH

Trust: 1.0

twcert@cert.org.tw: CVE-2022-26670
value: HIGH

Trust: 1.0

NVD: CVE-2022-26670
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-38533
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202204-2603
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-26670
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2022-38533
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-26670
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2022-26670
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-38533 // JVNDB: JVNDB-2022-007771 // CNNVD: CNNVD-202204-2603 // NVD: CVE-2022-26670 // NVD: CVE-2022-26670

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:OS Command injection (CWE-78) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-007771 // NVD: CVE-2022-26670

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202204-2603

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202204-2603

PATCH

title:Patch for D-Link DIR-878 Command Injection Vulnerability (CNVD-2022-38533)url:https://www.cnvd.org.cn/patchInfo/show/333361

Trust: 0.6

sources: CNVD: CNVD-2022-38533

EXTERNAL IDS

db:NVDid:CVE-2022-26670

Trust: 3.8

db:JVNDBid:JVNDB-2022-007771

Trust: 0.8

db:CNVDid:CNVD-2022-38533

Trust: 0.6

db:CNNVDid:CNNVD-202204-2603

Trust: 0.6

sources: CNVD: CNVD-2022-38533 // JVNDB: JVNDB-2022-007771 // CNNVD: CNNVD-202204-2603 // NVD: CVE-2022-26670

REFERENCES

url:https://www.twcert.org.tw/tw/cp-132-5972-c259e-1.html

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-26670

Trust: 1.4

url:https://cxsecurity.com/cveshow/cve-2022-26670/

Trust: 0.6

sources: CNVD: CNVD-2022-38533 // JVNDB: JVNDB-2022-007771 // CNNVD: CNNVD-202204-2603 // NVD: CVE-2022-26670

SOURCES

db:CNVDid:CNVD-2022-38533
db:JVNDBid:JVNDB-2022-007771
db:CNNVDid:CNNVD-202204-2603
db:NVDid:CVE-2022-26670

LAST UPDATE DATE

2024-08-14T14:10:51.439000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-38533date:2022-05-20T00:00:00
db:JVNDBid:JVNDB-2022-007771date:2023-07-20T08:14:00
db:CNNVDid:CNNVD-202204-2603date:2022-04-15T00:00:00
db:NVDid:CVE-2022-26670date:2022-04-14T18:37:20.093

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-38533date:2022-05-20T00:00:00
db:JVNDBid:JVNDB-2022-007771date:2023-07-20T00:00:00
db:CNNVDid:CNNVD-202204-2603date:2022-04-07T00:00:00
db:NVDid:CVE-2022-26670date:2022-04-07T19:15:08.957