D-Link DSL-G2452DG security bypass | CVE-2022-28932
NAME
D-Link DSL-G2452DG security bypass
- Platforms Affected: D-Link DSL-G2452DG HW:T1 FW:ME_2.00
- Risk Level: 9.8
- Exploitability: Unproven
- Consequences: Bypass Security
DESCRIPTION
D-Link DSL-G2452DG could allow a remote attacker to bypass security restrictions, caused by insecure permissions on the execute_cmd.cgi file. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass authentication and obtain administrative access.
CVSS 3.0 Information
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Access Vector: Network
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Unavailable
MITIGATION
No remedy available as of May 24, 2022.
- Reference Link: https://github.com/1759134370/iot/blob/main/dsl
- Reference Link: https://www.dlink.com/en/products/dsl-g2452dg-dual-band-wireless-ac1200-vdsl2–adsl2-modem-router-with-voip