CVE-2022-36786

Published: Nov 17, 2022

Modified: Apr 29, 2025

PUBLISHED

CVSS v3.1

9.9

CRITICAL

Description

DLINK - DSL-224 Post-auth RCE. DLINK router version 3.0.8 has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API. It is possible to inject a command through this interface that will run with ROOT permissions on the router.

Vendor	Product	Versions
D-Link	DSL-224	affected `All versions - < Update to version 3.0.9_Beta Hotfix`

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

References

https://www.gov.il/en/Departments/faq/cve_advisories

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-36786

Description

Affected Products

CVSS v3.1 Details

References