| عنوان | D-Link DCS850L v1.02.09 Absolute Path Traversal |
|---|
| الوصف | A Path Traversal Vulnerability has been discovered in the Firmware Update Service of D-Link DCS-850L v1.02.09. The vulnerability exists in the firmware file validation process, where user-controlled input (the firmware file path) is improperly handled. During firmware validation, the service uses the open() system call with the user-supplied file path without proper sanitization. This allows an attacker to include path traversal sequences (../) in the filename parameter, causing the system to attempt to open arbitrary files outside the intended upload directory. When the firmware upgrade process attempts to validate the uploaded file, it will open and process any file specified by the attacker's crafted path, potentially exposing sensitive system files such as configuration files, password files, or other critical system data. This could lead to information disclosure of sensitive device configuration and potentially facilitate further attacks. |
|---|
| المصدر | ⚠️ https://tzh00203.notion.site/D-Link-DCS850L-v1-02-09-Path-Traversal-Vulnerability-in-Firmware-Update-2d8b5c52018a803abbc7e30e2858d084?source=copy_link |
|---|
| المستخدم | tian (UID 93438) |
|---|
| ارسال | 29/12/2025 08:55 AM (4 أشهر منذ) |
|---|
| الاعتدال | 29/12/2025 09:23 AM (27 minutes later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 338635 [D-Link DCS-850L 1.02.09 Firmware Update Service uploadfirmware DownloadFile اجتياز الدليل] |
|---|
| النقاط | 17 |
|---|