An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDlink Dir 300
HWDlinkbDlink Dir 300 Firmware
OSDlink2.14b01Dlink Dir 600
HWDlinkwszystkie wersjeDlink Dir 600 Firmware
OSDlink< 2.17b01Dlink Dir 645
HWDlinkwszystkie wersjeDlink Dir 645 Firmware
OSDlink< 1.04b11Dlink Dir 845
HWDlinkwszystkie wersjeDlink Dir 845 Firmware
OSDlink< 1.02b03Dlink Dir 865
HWDlinkwszystkie wersjeDlink Dir 865 Firmware
OSDlink1.05b03
Powiązane podatności
D-Link DIR-series — nieuwierzytelniony command injection w service.cgi (root RCE)
D-Link DIR-300/DIR-600 — nieuwierzytelniony OS command injection w command.php
D-Link DIR-300/DIR-600: nieuwierzytelniony command injection z uprawnieniami root
D-Link DIR-300: zakodowane na stałe dane uwierzytelniające w usłudze Telnet
Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain es...