CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2022-42159
https://notcve.org/view.php?id=CVE-2022-42159
D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random Number Generator. Se ha detectado que D-Link COVR 1200,1202,1203 versión v1.08, tenía una semilla predecible en un generador de números pseudoaleatorios • https://github.com/14isnot40/vul_discovery/blob/master/D-Link%20COVR%2012xx%20.pdf https://www.dlink.com/en/security-bulletin • CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-42156
https://notcve.org/view.php?id=CVE-2022-42156
D-Link COVR 1200,1203 v1.08 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter at function SetNetworkTomographySettings. Se ha detectado que D-Link COVR 1200,1203 versión v1.08, contiene una vulnerabilidad de inyección de comandos por medio del parámetro tomography_ping_number en la función SetNetworkTomographySettings • https://github.com/14isnot40/vul_discovery/blob/master/D-Link%20COVR%2012xx%20.pdf https://www.dlink.com/en/security-bulletin • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-42160
https://notcve.org/view.php?id=CVE-2022-42160
D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the system_time_timezone parameter at function SetNTPServerSettings. Se ha detectado que D-Link COVR 1200,1202,1203 versión v1.08, contiene una vulnerabilidad de inyección de comandos por medio del parámetro system_time_timezone en la función SetNTPServerSettings • https://github.com/14isnot40/vul_discovery/blob/master/D-Link%20COVR%2012xx%20.pdf https://www.dlink.com/en/security-bulletin • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-42161
https://notcve.org/view.php?id=CVE-2022-42161
D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the /SetTriggerWPS/PIN parameter at function SetTriggerWPS. Se ha detectado que D-Link COVR 1200,1202,1203 versión v1.08, contiene una vulnerabilidad de inyección de comandos por medio del parámetro /SetTriggerWPS/PIN en la función SetTriggerWPS • https://github.com/14isnot40/vul_discovery/blob/master/D-Link%20COVR%2012xx%20.pdf https://www.dlink.com/en/security-bulletin • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •