CVE-2018-25120 in DNS-343 ShareCenterinfo

Zusammenfassung

von MITRE • 29.10.2025

D-Link DNS-343 ShareCenter devices running firmware versions up to and including 1.05 contain a command injection vulnerability in the Mail Test functionality. The web maintenance script posts to the internal goForm endpoint '/goform/Mail_Test' and uses several form parameters directly in a call to a system email utility without proper input validation. An unauthenticated remote attacker can supply crafted form data that injects shell commands, resulting in execution as root on the device. NOTE: The DNS-343 product line has been declared end-of-life.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

VulnCheck

Reservieren

29.10.2025

Veröffentlichung

29.10.2025

Moderieren

akzeptiert

Eintrag

VDB-330470

CPE

bereit

CWE

CWE-78 (bestätigt)

Exploit

Download

CVSS

9.8 (NVD)

EPSS

0.00908

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2018-25120
NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-25120
CVE Details	https://www.cvedetails.com/cve/CVE-2018-25120/

◂ Zurück Übersicht Weiter ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!