CVE-2022-28895
Description
A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Command injection in D-Link DIR882 router's /setnetworksettings/IPAddress allows attackers to escalate privileges to root.
Vulnerability
The vulnerability is a command injection in the /setnetworksettings/IPAddress endpoint of D-Link DIR882 router firmware version DIR882A1_FW130B06. The IPAddress parameter is not properly sanitized, allowing injection of arbitrary system commands.
Exploitation
An attacker can send a crafted HTTP request to the /setnetworksettings/IPAddress endpoint with a malicious payload in the IPAddress parameter. No authentication is required if the endpoint is exposed. The injected commands are executed with root privileges due to the context of the web server.
Impact
Successful exploitation allows an attacker to execute arbitrary commands as root, leading to full compromise of the device. This includes the ability to modify system settings, install malware, or pivot to other network hosts.
Mitigation
As of the publication date (2022-05-10), no official patch or workaround has been disclosed by D-Link. The reference [1] provides a general security bulletin page but no specific fix. Users should monitor D-Link's security advisories for updates. If the device is no longer supported, consider replacing it.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- D-Link/DIR882
Patches
No patches discovered yet.
References
- github.com/EPhaha/IOT_vuln/tree/main/d-link/dir-882/1 (mitre, x_refsource_MISC)
- www.dlink.com/en/security-bulletin/ (mitre, x_refsource_MISC)