| عنوان | D-Link DNS 320/320L/321/323/325/327L Buffer Overflow |
|---|
| الوصف | The DLINK nas DNS-320/320L/321/323/325/327L all firmware version has a command injection vulnerability in cgi_move_photo function of the file /cgi-bin/photocenter_mgr.cgi. The variable photo_name is passed from a POST request and is assigned to v8 via the sprintf function at line 60. It is then passed into v4 and invoked by the system command, the SpecSymbol2BackSlash function did not work which leads to command execution. |
|---|
| المصدر | ⚠️ https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_move_photo.md |
|---|
| المستخدم | BuaaI0TTeam (UID 73421) |
|---|
| ارسال | 13/08/2024 10:52 AM (2 سنوات منذ) |
|---|
| الاعتدال | 15/08/2024 07:27 AM (2 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 274728 [D-Link DNS-1550-04 حتى 20240814 photocenter_mgr.cgi cgi_move_photo photo_name تلف الذاكرة] |
|---|
| النقاط | 20 |
|---|