Skip to main content

CVE-2022-42161: n/a in n/a

High
VulnerabilityCVE-2022-42161cvecve-2022-42161
Published: Thu Oct 13 2022 (10/13/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the /SetTriggerWPS/PIN parameter at function SetTriggerWPS.

AI-Powered Analysis

AILast updated: 07/06/2025, 08:56:13 UTC

Technical Analysis

CVE-2022-42161 is a command injection vulnerability identified in D-Link COVR series routers, specifically models 1200, 1202, and 1203 running firmware version 1.08. The vulnerability exists in the function SetTriggerWPS, which processes the /SetTriggerWPS/PIN parameter. An attacker with low privileges (PR:L) but no user interaction (UI:N) required can exploit this flaw remotely over the network (AV:N). The vulnerability allows the attacker to inject arbitrary commands due to improper input sanitization of the PIN parameter, classified under CWE-77 (Improper Neutralization of Special Elements used in a Command). Successful exploitation can lead to full compromise of the device, impacting confidentiality, integrity, and availability (C:H/I:H/A:H). The CVSS v3.1 base score is 8.8, indicating a high severity level. Although no public exploits are currently known in the wild, the ease of exploitation combined with the critical impact makes this a significant threat. The lack of available patches at the time of reporting increases the urgency for mitigation. This vulnerability could be leveraged to execute arbitrary commands on the router, potentially allowing attackers to manipulate network traffic, intercept sensitive data, or disrupt network availability.

Potential Impact

For European organizations, the impact of CVE-2022-42161 is considerable. D-Link COVR routers are commonly used in small to medium enterprises and home office environments, which are prevalent across Europe. Exploitation could lead to unauthorized access to internal networks, interception of confidential communications, and disruption of business operations. Given the high confidentiality, integrity, and availability impact, attackers could use this vulnerability to establish persistent footholds, launch further attacks within corporate networks, or exfiltrate sensitive data. The vulnerability's remote exploitability without user interaction increases the risk of widespread compromise. This is particularly concerning for sectors with high data protection requirements under GDPR, such as finance, healthcare, and government institutions. Additionally, compromised routers could be used as part of botnets or to launch attacks against other critical infrastructure, amplifying the threat landscape in Europe.

Mitigation Recommendations

1. Immediate network segmentation: Isolate affected D-Link COVR routers from critical network segments to limit potential lateral movement. 2. Disable WPS functionality: Since the vulnerability is triggered via the WPS PIN parameter, disabling WPS on affected devices reduces attack surface. 3. Apply firmware updates: Monitor D-Link’s official channels for firmware patches addressing this vulnerability and apply them promptly once available. 4. Implement strict access controls: Restrict management interface access to trusted IP addresses and use VPNs for remote management. 5. Network monitoring and intrusion detection: Deploy IDS/IPS solutions tuned to detect anomalous commands or traffic patterns targeting the /SetTriggerWPS endpoint. 6. Conduct regular vulnerability scans: Identify devices running vulnerable firmware versions and prioritize remediation. 7. Educate users and administrators: Raise awareness about the risks of using default or weak credentials and the importance of timely patching. 8. Consider device replacement: For environments where patching is delayed or unsupported, replace vulnerable devices with models that have robust security support.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
mitre
Date Reserved
2022-10-03T00:00:00.000Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682cd0fa1484d88663aec4a4

Added to database: 5/20/2025, 6:59:06 PM

Last enriched: 7/6/2025, 8:56:13 AM

Last updated: 7/28/2025, 6:45:28 AM

Views: 11

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats