CVE-2022-26258
D-Link DIR-820L Remote Code Execution Vulnerability
CVSS
9.8
Critical
EPSS
81.1%
p100
KEV
YES
Sep 8, 2022
Exploit Today
80
0-100
Published: Mar 28, 2022 · Last modified: Jul 9, 2026 · CWE-78
Product
D-Link / DIR-820L
Vulnerability
D-Link DIR-820L Remote Code Execution Vulnerability
Added to KEV
Sep 8, 2022
Remediate by
Sep 29, 2022
Known ransomware use
No
Summary description
D-Link DIR-820L contains an unspecified vulnerability in Device Name parameter in /lan.asp which allows for remote code execution.
Required action
The impacted product is end-of-life and should be disconnected if still in use.
Notes
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10295; https://nvd.nist.gov/vuln/detail/CVE-2022-26258
D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp.
- github.comhttps://github.com/skyedai910/Vuln/tree/master/DIR-820L/command_execution_0
- github.comhttps://github.com/zhizhuoshuma/cve_info_data/blob/ccaed4b94ba762eb8a8e003bfa762a7754b8182e/Vuln/Vuln/DIR-820L/command_execution_0/README.md
- www.dlink.comhttps://www.dlink.com/en/security-bulletin/
- github.comhttps://github.com/skyedai910/Vuln/tree/master/DIR-820L/command_execution_0
- github.comhttps://github.com/zhizhuoshuma/cve_info_data/blob/ccaed4b94ba762eb8a8e003bfa762a7754b8182e/Vuln/Vuln/DIR-820L/command_execution_0/README.md
- www.dlink.comhttps://www.dlink.com/en/security-bulletin/
- www.cisa.govhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-26258