Details of VAR-202212-1497

ID

VAR-202212-1497

CVE

CVE-2022-44832

TITLE

D-Link DIR-3040 Command Injection Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2023-28115 // CNNVD: CNNVD-202212-3268

DESCRIPTION

D-Link DIR-3040 device with firmware 120B03 was discovered to contain a command injection vulnerability via the SetTriggerLEDBlink function. D-Link Systems, Inc. (DoS) It may be in a state. D-Link DIR-3040 is a router of D-Link company in China. Provides the ability to connect to the network. The vulnerability stems from the failure of the SetTriggerLEDBlink function to correctly filter special characters and commands in the construction command. Attackers can use this vulnerability to cause arbitrary command execution

Trust: 2.16

sources: NVD: CVE-2022-44832 // JVNDB: JVNDB-2022-023423 // CNVD: CNVD-2023-28115

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2023-28115

AFFECTED PRODUCTS

vendor:	d link	model:	dir-3040	scope:	-	version:	-	Trust: 1.4
vendor:	dlink	model:	dir-3040	scope:	eq	version:	120b03	Trust: 1.0
vendor:	d link	model:	dir-3040	scope:	eq	version:	dir-3040 firmware 120b03	Trust: 0.8
vendor:	d link	model:	dir-3040	scope:	eq	version:	-	Trust: 0.8

sources: CNVD: CNVD-2023-28115 // JVNDB: JVNDB-2022-023423 // NVD: CVE-2022-44832

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-44832
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2022-44832
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2023-28115
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202212-3268
value:	CRITICAL
Trust: 0.6

CNVD:	CNVD-2023-28115
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-44832
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-44832
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2023-28115 // JVNDB: JVNDB-2022-023423 // CNNVD: CNNVD-202212-3268 // NVD: CVE-2022-44832

PROBLEMTYPE DATA

problemtype:	CWE-77	Trust: 1.0
problemtype:	Command injection (CWE-77) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-023423 // NVD: CVE-2022-44832

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202212-3268

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202212-3268

EXTERNAL IDS

db:	NVD	id:	CVE-2022-44832	Trust: 3.8
db:	JVNDB	id:	JVNDB-2022-023423	Trust: 0.8
db:	CNVD	id:	CNVD-2023-28115	Trust: 0.6
db:	CNNVD	id:	CNNVD-202212-3268	Trust: 0.6

sources: CNVD: CNVD-2023-28115 // JVNDB: JVNDB-2022-023423 // CNNVD: CNNVD-202212-3268 // NVD: CVE-2022-44832

REFERENCES

url:	https://www.dlink.com/en/security-bulletin/	Trust: 3.0
url:	https://github.com/flamingo1616/iot_vuln/blob/main/d-link/dir-3040/6.md	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-44832	Trust: 1.4
url:	https://cxsecurity.com/cveshow/cve-2022-44832/	Trust: 0.6

sources: CNVD: CNVD-2023-28115 // JVNDB: JVNDB-2022-023423 // CNNVD: CNNVD-202212-3268 // NVD: CVE-2022-44832

SOURCES

db:	CNVD	id:	CNVD-2023-28115
db:	JVNDB	id:	JVNDB-2022-023423
db:	CNNVD	id:	CNNVD-202212-3268
db:	NVD	id:	CVE-2022-44832

LAST UPDATE DATE

2024-08-14T14:02:11.579000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2023-28115	date:	2023-04-17T00:00:00
db:	JVNDB	id:	JVNDB-2022-023423	date:	2023-11-29T01:06:00
db:	CNNVD	id:	CNNVD-202212-3268	date:	2022-12-19T00:00:00
db:	NVD	id:	CVE-2022-44832	date:	2022-12-16T20:22:35.763

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2023-28115	date:	2023-04-17T00:00:00
db:	JVNDB	id:	JVNDB-2022-023423	date:	2023-11-29T00:00:00
db:	CNNVD	id:	CNNVD-202212-3268	date:	2022-12-14T00:00:00
db:	NVD	id:	CVE-2022-44832	date:	2022-12-14T15:15:10.467