Details of VAR-202205-1571

ID

VAR-202205-1571

CVE

CVE-2022-28958

TITLE

D-Link DIR816L Remote Code Execution Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-41743

DESCRIPTION

Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. The D-Link DIR816 is a dual-band router. D-Link DIR816L_FW206b01 has a remote code execution vulnerability that stems from the fact that the value parameter of shareport.php fails to properly filter the special elements that construct the code segment. An attacker could exploit this vulnerability to cause arbitrary code execution

Trust: 1.53

sources: NVD: CVE-2022-28958 // CNVD: CNVD-2022-41743 // VULMON: CVE-2022-28958

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-41743

AFFECTED PRODUCTS

vendor:

d link

model:

dir816l fw206b01

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2022-41743

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2022-41743
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202205-3673
value:	CRITICAL
Trust: 0.6

CNVD:	CNVD-2022-41743
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2022-41743 // CNNVD: CNNVD-202205-3673

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-3673

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202205-3673

PATCH

title:	Known Exploited Vulnerabilities Detector	url:	https://github.com/Ostorlab/KEV	Trust: 0.1
title:	-	url:	https://www.theregister.co.uk/2023/12/06/dud_cve_removed/	Trust: 0.1

sources: VULMON: CVE-2022-28958

EXTERNAL IDS

db:	NVD	id:	CVE-2022-28958	Trust: 2.3
db:	CNVD	id:	CNVD-2022-41743	Trust: 0.6
db:	CNNVD	id:	CNNVD-202205-3673	Trust: 0.6
db:	VULMON	id:	CVE-2022-28958	Trust: 0.1

sources: CNVD: CNVD-2022-41743 // VULMON: CVE-2022-28958 // CNNVD: CNNVD-202205-3673 // NVD: CVE-2022-28958

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2022-28958	Trust: 0.6
url:	https://www.dlink.com/en/security-bulletin/	Trust: 0.6
url:	https://vulncheck.com/blog/moobot-uses-fake-vulnerability	Trust: 0.6
url:	https://github.com/shijin0925/iot/blob/master/dir816/3.md	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-28958/	Trust: 0.6
url:	https://www.theregister.co.uk/2023/12/06/dud_cve_removed/	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/ostorlab/kev	Trust: 0.1

sources: CNVD: CNVD-2022-41743 // VULMON: CVE-2022-28958 // CNNVD: CNNVD-202205-3673

SOURCES

db:	CNVD	id:	CNVD-2022-41743
db:	VULMON	id:	CVE-2022-28958
db:	CNNVD	id:	CNNVD-202205-3673
db:	NVD	id:	CVE-2022-28958

LAST UPDATE DATE

2024-08-14T14:10:49.264000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-41743	date:	2022-05-29T00:00:00
db:	VULMON	id:	CVE-2022-28958	date:	2023-11-29T00:00:00
db:	CNNVD	id:	CNNVD-202205-3673	date:	2022-12-12T00:00:00
db:	NVD	id:	CVE-2022-28958	date:	2023-11-29T21:15:07.480

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-41743	date:	2022-05-27T00:00:00
db:	VULMON	id:	CVE-2022-28958	date:	2022-05-18T00:00:00
db:	CNNVD	id:	CNNVD-202205-3673	date:	2022-05-18T00:00:00
db:	NVD	id:	CVE-2022-28958	date:	2022-05-18T12:15:08.120