CVE-2022-28955
Description
An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php and category_view.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An access control flaw in D-Link DIR816L firmware lets unauthenticated attackers access restricted folder views.
Vulnerability
CVE-2022-28955 is an access control issue in D-Link DIR816L firmware version FW206b01. The vulnerability allows unauthenticated attackers to access the folder_view.php and category_view.php endpoints, which should be restricted [1]. No authentication or prior knowledge is required to reach these paths.
Exploitation
An attacker can exploit this vulnerability by sending a simple HTTP GET request to the vulnerable PHP endpoints. No authentication, network position, or user interaction is required. The attack can be carried out remotely without any special privileges [1].
Impact
Successful exploitation leads to unauthorized access to folder and category views. This could expose directory listings or configuration data that should be hidden from unauthenticated users. The exact information disclosed depends on the contents accessible via these endpoints [1].
Mitigation
D-Link has not yet published a firmware update for this vulnerability. The product may be end-of-life (EOL); users should check the D-Link security bulletin for updates [2]. If no patch is available, restrict network access to the device and disable the vulnerable endpoints via web server configuration if possible.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- D-Link/DIR816L
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing authentication check on folder_view.php and category_view.php allows unauthenticated access."
Attack vector
An unauthenticated attacker on the local network can directly request the URLs `http://192.168.0.1/webaccess/category_view.php` or `http://192.168.0.1/webaccess/folder_view.php` without any login or session token [ref_id=1]. The router fails to enforce an access control check on these pages, allowing any network-level attacker to view folder and category information [ref_id=1].
Affected code
The vulnerability affects the files `folder_view.php` and `category_view.php` located under the `/webaccess/` path on the D-Link DIR816L router running firmware version DIR816L_FW206b01 [ref_id=1].
What the fix does
No patch is provided in the bundle. The advisory notes that the issue exists in firmware version DIR816L_FW206b01 and directs users to the vendor's download portal at https://tsd.dlink.com.tw/ddgo for potential updates [ref_id=1]. The remediation would require the vendor to add proper authentication checks on `folder_view.php` and `category_view.php` so that only authenticated users can access them.
Preconditions
- Network: the attacker must have network access to the D-Link DIR816L router (e.g., on the same LAN)
- Auth: no authentication or session is required
Reproduction
1. Ensure the target D-Link DIR816L router (firmware DIR816L_FW206b01) is reachable on the local network.
2. From any browser or HTTP client, navigate to `http://<router-ip>/webaccess/category_view.php` without providing any login credentials.
3. Observe that the page content is returned, confirming unauthorized access.
4. Repeat step 2 with `http://<router-ip>/webaccess/folder_view.php` [ref_id=1].
Generated on May 28, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/shijin0925/IOT/blob/master/DIR816/1.md
- www.dlink.com/en/security-bulletin/
News mentions
No linked articles in our index yet.