Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2022-28955

CWE-287Improper Authentication4 documents4 sources
Severity
7.5HIGH
EPSS
92.7%
top 0.25%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Dlink Dir-816l Firmware
Timeline
PublishedMay 18
Latest updateMay 19

Description

An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php and category_view.php.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-h93j-r724-8967: An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view2022-05-19
CVEList
CVE-2022-28955: An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view2022-05-18

💥Exploits & PoCs

1
Nuclei
D-Link DIR-816L - Improper Access Control
CVE-2022-28955 (HIGH CVSS 7.5) | An access control issue in D-Link D | cvebase.io