| Titel | D-Link DCS700l v1.03.09 Absolute Path Traversal |
|---|
| Beschreibung | A Path Traversal Vulnerability has been discovered in the Music File Upload Service of D-Link DCS-700L v1.03.09. The vulnerability arises from improper handling of user-controlled input during the music file upload process. The service uses the open() system call with the user-supplied file path without proper sanitization, allowing attackers to exploit path traversal sequences (e.g., ../../) to access files outside the intended directory. This can expose sensitive system files, such as configuration files, user credentials, or other critical system files, leading to potential information disclosure. |
|---|
| Quelle | ⚠️ https://tzh00203.notion.site/D-Link-DCS700l-v1-03-09-Path-Traversal-Vulnerability-in-Music-File-Upload-2e8b5c52018a80369553f07ab91aabe2?source=copy_link |
|---|
| Benutzer | tian (UID 93438) |
|---|
| Einreichung | 14.01.2026 07:59 (vor 5 Monaten) |
|---|
| Moderieren | 28.01.2026 14:28 (14 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 343218 [D-Link DCS-700L 1.03.09 Music File Upload Service /setUploadMusic uploadmusic Directory Traversal] |
|---|
| Punkte | 17 |
|---|