CVE-2022-40799
Published 2022-11-29
CVE-2022-40799: Data Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 2.60B15 allows an authenticated attacker to execute OS level commands on the device.
Priority P186 · high · 8.8 · CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
KEV · ITW · EXPLOIT
CISA Known Exploited Vulnerability, due 2025-08-26
Exploited in the wild
EPSS: 31.33% (98.1th percentile)
Data Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 2.60B15 allows an authenticated attacker to execute OS level commands on the device.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dlink | dnr-322l_firmware | <= 2.60b15 | — |
Detection & IOCs
- Vulnerability class is 'Data Integrity Failure in Backup Config': monitor for authenticated requests to the Backup Config functionality on D-Link DNR-322L devices that may deliver or trigger execution of unauthenticated/unverified code/commands
- Classify as 'Download of Code Without Integrity Check': look for network traffic from the device fetching and executing externally-hosted code/configs without integrity validation, particularly following a Backup Config operation
- Exploitation requires authentication: prioritize monitoring for authenticated sessions interacting with the Backup Config feature, and audit all accounts with access to the device management interface
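CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| vulncheck | | 8.8 | HIGH | |
| cisa | | 8.8 | HIGH | |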
CISA
D-Link DNR-322L Download of Code Without Integrity Check Vulnerability
cisa·2025-08-05·CVSS 8.8
CVE-2022-40799 [HIGH] CWE-494 D-Link DNR-322L Download of Code Without Integrity Check Vulnerability
Vulnerability: D-Link DNR-322L Download of Code Without Integrity Check Vulnerability
Affected: D-Link DNR-322L
D-Link DNR-322L contains a download of code without integrity check vulnerability that could allow an authenticated attacker to execute OS level commands on the device. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes: https://www.dlink.com/uk/en/products/dnr-322l-cloud-network-video-recorder ; https://nvd.nist.gov/vuln/detail/CVE-2022-40799
Remediation Due Date: 2025-08-26
GHSA
GHSA-xh8c-gmc9-9v6x: Data Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 2
ghsa_unreviewed·2022-11-29
CVE-2022-40799 [HIGH] CWE-494 GHSA-xh8c-gmc9-9v6x: Data Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 2
Data Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 2.60B15 allows an authenticated attacker to execute OS level commands on the device.
VulnCheck
D-Link DNR-322L Download of Code Without Integrity Check Vulnerability
vulncheck·2022·CVSS 8.8
CVE-2022-40799 [HIGH] CWE-494 D-Link DNR-322L Download of Code Without Integrity Check Vulnerability
D-Link DNR-322L Download of Code Without Integrity Check Vulnerability
D-Link DNR-322L contains a download of code without integrity check vulnerability that could allow an authenticated attacker to execute OS level commands on the device. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Affected: D-Link DNR-322L
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://www.rapid7.com/cdn/assets/bltbd2f1cd70f9e3e7f/691360b9c91291146f1a5308/threat-landscape-report-q3-2025.pd
No detection rules found.
No public exploits indexed.
2022-11-29: Published
2025-08-05: Added to CISA KEV
Exploited in the wild