Summaryinfo

A vulnerability identified as critical has been detected in D-Link DIR-2150. This affects the function SetSysEmailSettings of the component Setting Handler. The manipulation of the argument EmailTo leads to command injection. This vulnerability is referenced as CVE-2023-34280. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Detailsinfo

A vulnerability, which was classified as critical, has been found in D-Link DIR-2150 (Router Operating System). This issue affects the function SetSysEmailSettings of the component Setting Handler. The manipulation of the argument EmailTo with an unknown input leads to a command injection vulnerability. Using CWE to declare the problem leads to CWE-77. The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. Impacted is confidentiality, integrity, and availability.

The weakness was published 06/03/2023. The advisory is shared at zerodayinitiative.com. The identification of this vulnerability is CVE-2023-34280 since 05/31/2023. Technical details are known, but no exploit is available. MITRE ATT&CK project uses the attack technique T1202 for this issue.

Upgrading to version 1.06 eliminates this vulnerability.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Productinfo

Type

• Router Operating System

Vendor

• D-Link

Name

• DIR-2150

License

• commercial

Website

• Vendor: https://www.dlink.com/

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion