CVE-2022-42161

moderate-risk
Published 2022-10-13

D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the /SetTriggerWPS/PIN parameter at function SetTriggerWPS.

Do I need to act?

~
9.2% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (3)

Covr 1203 Firmware
Covr 1202 Firmware
Covr 1200 Firmware

Affected Vendors

Dlink

References (4)

Exploit https://github.com/14isnot40/vul_discovery/blob/master/D-Link%20COVR%2012xx%20.p...
Vendor Advisory https://www.dlink.com/en/security-bulletin/
Exploit https://github.com/14isnot40/vul_discovery/blob/master/D-Link%20COVR%2012xx%20.p...
Vendor Advisory https://www.dlink.com/en/security-bulletin/
49
/ 100
moderate-risk
Severity 30/34 · Critical
Exploitability 10/34 · Low
Exposure 9/34 · Low