Actively exploited in the wild
D-Link DIR-820L Remote Code Execution Vulnerability
D-Link — DIR-820L · Listed in the CISA KEV since 2022-09-08. This indicates confirmed attacks in production environments.
Required action: The impacted product is end-of-life and should be disconnected if still in use.
CVE-2022-26258
CriticalCVSS 9.8KEVExploitation Probability (EPSS)
Very high risk100th percentile — higher than 100% of all known CVEs
Summary
A remote command execution (RCE) vulnerability was discovered in D-Link DIR-820L firmware version 1.05B03 via an HTTP POST request to the get set ccp function.
Risk Assessment
An attacker can remotely execute arbitrary commands on the vulnerable device, potentially leading to full compromise of the router and network takeover.
Recommendation
Immediately update the D-Link DIR-820L firmware to the latest available version if a patch is released by the vendor, or consider replacing the device with a supported model.
Original NVD description (English source)
D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp.

