CVE-2022-26258
D-Link DIR-820L Remote Code Execution Vulnerability
CVSS
9.8
Crítico
EPSS
81.1%
p100
KEV
SÍ
8 sept 2022
Exploit Today
80
0-100
Publicado: 28 mar 2022 · Última mod.: 9 jul 2026 · CWE-78
Producto
D-Link / DIR-820L
Vulnerabilidad
D-Link DIR-820L Remote Code Execution Vulnerability
Añadido a KEV
8 sept 2022
Remediar antes de
29 sept 2022
Uso conocido en ransomware
No
Descripción resumida
D-Link DIR-820L contains an unspecified vulnerability in Device Name parameter in /lan.asp which allows for remote code execution.
Acción requerida
The impacted product is end-of-life and should be disconnected if still in use.
Notas
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10295; https://nvd.nist.gov/vuln/detail/CVE-2022-26258
D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp.
- github.comhttps://github.com/skyedai910/Vuln/tree/master/DIR-820L/command_execution_0
- github.comhttps://github.com/zhizhuoshuma/cve_info_data/blob/ccaed4b94ba762eb8a8e003bfa762a7754b8182e/Vuln/Vuln/DIR-820L/command_execution_0/README.md
- www.dlink.comhttps://www.dlink.com/en/security-bulletin/
- github.comhttps://github.com/skyedai910/Vuln/tree/master/DIR-820L/command_execution_0
- github.comhttps://github.com/zhizhuoshuma/cve_info_data/blob/ccaed4b94ba762eb8a8e003bfa762a7754b8182e/Vuln/Vuln/DIR-820L/command_execution_0/README.md
- www.dlink.comhttps://www.dlink.com/en/security-bulletin/
- www.cisa.govhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-26258