Enviar #389261: Dlink Dlink DNS 320/320L/321/323/325/327L <=v1.1 Command Injectioninformación

TítuloDlink Dlink DNS 320/320L/321/323/325/327L <=v1.1 Command Injection
DescripciónThe DLINK nas DNS-320/320L/321/323/325/327L all firmware version has a command injection vulnerability in cgi_photo_search function of the file /cgi-bin/photocenter_mgr.cgi. The variable filter is passed from a POST request and is assigned to v6 via the sprintf function at line 64 and invoked by the system command, the SpecSymbol2BackSlash function did not work which leads to command execution.
Fuente⚠️ https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_photo_search.md
Usuario
 BuaaIoTTeam (UID 73348)
Sumisión2024-08-12 04:47 (hace 2 años)
Moderación2024-08-13 08:17 (1 day later)
EstadoAceptado
Entrada de VulDB274281 [D-Link DNS-1550-04 hasta 20240812 photocenter_mgr.cgi sprintf filter escalada de privilegios]
Puntos20

AnteriorVisión De ConjuntoPróximo

Do you know our Splunk app?

Download it now for free!