VYPR
Unrated severityNVD Advisory· Published Nov 17, 2022· Updated Apr 29, 2025

DLINK - DSL-224 Post-auth RCE.

CVE-2022-36786

Description

DLINK - DSL-224 Post-auth RCE. DLINK router version 3.0.8 has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API. It is possible to inject a command through this interface that will run with ROOT permissions on the router.

Affected products

2
  • Dlink/DSL-224llm-create2 versions
    =3.0.8+ 1 more
    • (no CPE)range: =3.0.8
    • (no CPE)range: All versions

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.