CVE Catalog

Actively exploited in the wild

D-Link DIR-820L Remote Code Execution Vulnerability

D-Link — DIR-820L · Listed in the CISA KEV since 2022-09-08. This indicates confirmed attacks in production environments.

Required action: The impacted product is end-of-life and should be disconnected if still in use.

CVE-2022-26258

CriticalCVSS 9.8KEV
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Very high risk
81.22%

100th percentile — higher than 100% of all known CVEs

Summary

A remote command execution (RCE) vulnerability was discovered in D-Link DIR-820L firmware version 1.05B03 via an HTTP POST request to the get set ccp function.

Risk Assessment

An attacker can remotely execute arbitrary commands on the vulnerable device, potentially leading to full compromise of the router and network takeover.

Recommendation

Immediately update the D-Link DIR-820L firmware to the latest available version if a patch is released by the vendor, or consider replacing the device with a supported model.

Original NVD description (English source)

D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS