CVE-2022-42161 — Command Injection in Dlink Covr 1200 Firmware

CWE-77 — Command Injection3 documents3 sources

Severity

8.8HIGHNVD

EPSS

9.2%

top 7.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dlink Covr 1200 Firmware Dlink Covr 1202 Firmware Dlink Covr 1203 Firmware

Timeline

PublishedOct 13

Latest updateOct 14

Description

D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the /SetTriggerWPS/PIN parameter at function SetTriggerWPS.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶NVDdlink/covr_1200_firmware1.08

▶NVDdlink/covr_1202_firmware1.08

▶NVDdlink/covr_1203_firmware1.08

🔴Vulnerability Details

GHSA

GHSA-7x4q-86g3-3vwp: D-Link COVR 1200,1202,1203 v1↗2022-10-14

▶

CVEList

CVE-2022-42161: D-Link COVR 1200,1202,1203 v1↗2022-10-13

▶