| Titre | DLink DAP-2695 v2.00RC131 CWE88 Improper Neutralization of Argument Delimiters in Command |
|---|
| Description | During the firmware update process, in function fwupdater_main() of program rgbin. A user input optarg could be propagated to system command execution function and become part of the function parameters. During the propagation process, there is no verification on user input optarg. If the hackers control the user input optarg, they could inject and execute malicious code. This issue in the firmware update process of Dlink DAP-2695(firmware version:v2.00RC131) allows attackers to execute arbitrary code or cause denial of service via constructing a malicious command and injecting it into user input. |
|---|
| La source | ⚠️ https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Dlink/DAP-2695.md |
|---|
| Utilisateur | IOT_Res (UID 81722) |
|---|
| Soumission | 11/10/2025 04:44 (il y a 8 mois) |
|---|
| Modérer | 12/10/2025 10:13 (1 day later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 328084 [D-Link DAP-2695 2.00RC131 Firmware Update rgbin fwupdater_main élévation de privilèges] |
|---|
| Points | 20 |
|---|