CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-36786

DLINK - DSL-224 Post-auth RCE. DLINK router version 3.0.8 has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API. It is possible to inject a command through this interface that will run with ROOT permissions on the router.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 24.6%

CVSS Severity

CVSS v3 Score 9.9

References

https://www.gov.il/en/Departments/faq/cve_advisories
https://www.gov.il/en/Departments/faq/cve_advisories

Products affected by CVE-2022-36786

Dlink » Dsl-224 » Version: N/A

cpe:2.3:h:dlink:dsl-224:-
Dlink » Dsl-224 Firmware » Version: N/A

cpe:2.3:o:dlink:dsl-224_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-36786

Products

Pricing

Contact Us