D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp.
Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
CVE-2022-26258 | D-Link DIR-820L Remote Code Execution Vulnerability | secondary_impact | T1499.002 | Service Exhaustion Flood |
Comments
This remote command execution vulnerability is exploited by an adversary via HTTP POST to get set ccp. The exploit targets a command injection vulnerability in the /lan.asp component. The component does not successfully sanitize the value of the HTTP parameter DeviceName, which in turn can lead to arbitrary command execution. Adversaries have leveraged this vulnerability to spread a variant of Mirai botnet called MooBot to cause a distributed denial of service attack.
References
|
CVE-2022-26258 | D-Link DIR-820L Remote Code Execution Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter |
Comments
This remote command execution vulnerability is exploited by an adversary via HTTP POST to get set ccp. The exploit targets a command injection vulnerability in the /lan.asp component. The component does not successfully sanitize the value of the HTTP parameter DeviceName, which in turn can lead to arbitrary command execution. Adversaries have leveraged this vulnerability to spread a variant of Mirai botnet called MooBot to cause a distributed denial of service attack.
References
|
CVE-2022-26258 | D-Link DIR-820L Remote Code Execution Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application |
Comments
This remote command execution vulnerability is exploited by an adversary via HTTP POST to get set ccp. The exploit targets a command injection vulnerability in the /lan.asp component. The component does not successfully sanitize the value of the HTTP parameter DeviceName, which in turn can lead to arbitrary command execution. Adversaries have leveraged this vulnerability to spread a variant of Mirai botnet called MooBot to cause a distributed denial of service attack.
References
|