Submit #390119: D-Link DNS 320/320L/321/323/325/327L Buffer Overflowinfo

TitelD-Link DNS 320/320L/321/323/325/327L Buffer Overflow
BeschreibungThe DLINK nas DNS-320/320L/321/323/325/327L all firmware version has a command injection vulnerability in cgi_get_cooliris function of the file /cgi-bin/photocenter_mgr.cgi. The variable path is passed from a POST request and is assigned to v2 via the sprintf function at line 49. It is then passed into v3 and invoked by the system command, the SpecSymbol2BackSlash function did not work which leads to command execution.
Quelle⚠️ https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_get_cooliris.md
Benutzer
 BuaaI0TTeam (UID 73421)
Einreichung13.08.2024 10:53 (vor 2 Jahren)
Moderieren15.08.2024 07:27 (2 days later)
StatusAkzeptiert
VulDB Eintrag274729 [D-Link DNS-1550-04 bis 20240814 photocenter_mgr.cgi cgi_get_cooliris path Pufferüberlauf]
Punkte20

ZurückÜbersichtWeiter

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!