Invia #391669: D-Link DNS 320/320L/321/323/325/327L Command Injectioninformazioni

TitoloD-Link DNS 320/320L/321/323/325/327L Command Injection
DescrizioneThe DLINK nas DNS-320/320L/321/323/325/327L all firmware version has a command injection vulnerability in cgi_create_playlist function of the file /cgi-bin/myMusic.cgi. The variable artistis passed from a POST request and is assigned to v14 via the sprintf function at line 89 and invoked by the system command, the SpecSymbol2BackSlash function did not work which leads to command execution.
Fonte⚠️ https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_create_playlist.md
Utente
 BuaaI0TTeam (UID 73421)
Sottomissione15/08/2024 09:58 (2 anni fa)
Moderazione19/08/2024 11:44 (4 days later)
StatoAccettato
Voce VulDB275108 [D-Link DNS-1550-04 fino a 20240814 /cgi-bin/myMusic.cgi escalationi di privilegi]
Punti20

PrecedenteVisione D'ensembleIl prossimo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!

n $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0'; } } ?>