CVE-2022-44832

CWE-77Command Injection7 documents4 sources
Severity
9.8CRITICAL
EPSS
23.2%
top 4.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Dlink Dir-3040 Firmware
Timeline
PublishedDec 14

Description

D-Link DIR-3040 device with firmware 120B03 was discovered to contain a command injection vulnerability via the SetTriggerLEDBlink function.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-4rc3-56q2-qpp2: D-Link DIR-3040 device with firmware 120B03 was discovered to contain a command injection vulnerability via the SetTriggerLEDBlink function2022-12-14
CVEList
CVE-2022-44832: D-Link DIR-3040 device with firmware 120B03 was discovered to contain a command injection vulnerability via the SetTriggerLEDBlink function2022-12-14

📋Vendor Advisories

4
Oracle
Oracle Oracle Essbase Risk Matrix: Essbase Web Platform (Apache Log4j) — CVE-2021-448322022-10-15
Oracle
Oracle Oracle Communications Applications Risk Matrix: Charging Server (Apache Log4j) — CVE-2021-448322022-07-15
Oracle
Oracle Oracle SQL Developer Risk Matrix: Installation (Apache Log4j) — CVE-2021-448322022-04-15
Oracle
Oracle Oracle Communications Risk Matrix: Virtual Network Function Manager, API Gateway (Apache Log4j) — CVE-2021-448322022-01-15
CVE-2022-44832 (CRITICAL CVSS 9.8) | D-Link DIR-3040 device with firmwar | cvebase.io