CVE-2022-38557

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

D-Link DIR845L v1.00-v1.03 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh.

D-Link DIR845L versión v1.00-v1.03, contiene una vulnerabilidad de Credenciales Estáticas por Defecto en el archivo /etc/init0.d/S80telnetd.sh.

*Credits: N/A

CVSS Scores

NISTv3.1 9.8

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-08-22 CVE Reserved
2022-08-28 CVE Published
2024-03-20 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-287: Improper Authentication

CAPEC

References (2)

URL	Tag	Source
https://github.com/xxy1126/Vuln/tree/main/3	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.dlink.com/en/security-bulletin	2023-08-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Dlink Search vendor "Dlink"	Dir-845l Firmware Search vendor "Dlink" for product "Dir-845l Firmware"	>= 1.0.0 <= 1.0.3 Search vendor "Dlink" for product "Dir-845l Firmware" and version " >= 1.0.0 <= 1.0.3"	-	Affected	in	Dlink Search vendor "Dlink"	Dir-845l Search vendor "Dlink" for product "Dir-845l"	-	-	Safe