| Título | D-Link router DI-500WF Command Injection |
|---|
| Descripción | in jhttpd file, version_upgrade_asp function, path paramater can be controled, and pass to system function to exec. and there is no any fliter |
|---|
| Fuente | ⚠️ https://github.com/physicszq/Routers/tree/main/tmp/01 |
|---|
| Usuario | physicszq (UID 76531) |
|---|
| Sumisión | 2025-08-23 08:41 (hace 10 meses) |
|---|
| Moderación | 2025-08-30 18:53 (7 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 322044 [D-Link DI-500WF 14.04.10A1T jhttpd /version_upgrade.asp path escalada de privilegios] |
|---|
| Puntos | 16 |
|---|