CVE-2022-40799

Data Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 2.60B15 allows an authenticated attacker to execute OS level commands on the...

Basic Information

CVE State: PUBLISHED
Reserved Date: September 19, 2022
Published Date: November 29, 2022
Last Updated: October 21, 2025
Vendor: n/a
Product: n/a
Description: Data Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 2.60B15 allows an authenticated attacker to execute OS level commands on the device.
Tags

CVSS Scores

CVSS v3.1

8.8 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SSVC Information

Exploitation: active
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (2026-06-01 13:30:38 UTC) Source
Proof of Concept Available: Yes (added 2023-04-23 20:42:18 UTC) Source

References

https://gitlab.com/lu-ka/cve-2022-40799

Known Exploited Vulnerability Information

Source	Added Date
CVE	2026-06-01 10:38:24 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

rtfmkiesel/CVE-2022-40799

Type: github • Created: 2023-04-23 20:42:18 UTC • Stars: 2

D-Link DNR-322L - Authenticated Remote Code Execution

Timeline

CVE ID Reserved

September 19, 2022
CVE Published to Public

November 29, 2022
Proof of Concept Exploit Available

April 23, 2023
Added to KEVIntel

June 01, 2026