CVE-2022-37133Improper Resource Shutdown or Release in Dlink Dir-816 Firmware

CWE-404Improper Resource Shutdown or Release3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.6%
top 29.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Dlink Dir-816 Firmware
Timeline
PublishedAug 22
Latest updateAug 23

Description

D-link DIR-816 A2_v1.10CNB04.img reboots the router without authentication via /goform/doReboot. No authentication is required, and reboot is executed when the function returns at the end.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDdlink/dir-816_firmware1.10cnb04

🔴Vulnerability Details

2
GHSA
GHSA-qjqh-pp4q-mrg7: D-link DIR-816 A2_v12022-08-23
CVEList
CVE-2022-37133: D-link DIR-816 A2_v12022-08-22
CVE-2022-37133 — Improper Resource Shutdown or Release | cvebase