| タイトル | DLink DAP-2695 v2.00RC131 CWE88 Improper Neutralization of Argument Delimiters in Command |
|---|
| 説明 | During the firmware update process, in function fwupdater_main() of program rgbin. A user input optarg could be propagated to system command execution function and become part of the function parameters. During the propagation process, there is no verification on user input optarg. If the hackers control the user input optarg, they could inject and execute malicious code. This issue in the firmware update process of Dlink DAP-2695(firmware version:v2.00RC131) allows attackers to execute arbitrary code or cause denial of service via constructing a malicious command and injecting it into user input. |
|---|
| ソース | ⚠️ https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Dlink/DAP-2695.md |
|---|
| ユーザー | IOT_Res (UID 81722) |
|---|
| 送信 | 2025年10月11日 04:44 (8 月 ago) |
|---|
| モデレーション | 2025年10月12日 10:13 (1 day later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 328084 [D-Link DAP-2695 2.00RC131 Firmware Update rgbin fwupdater_main 特権昇格] |
|---|
| ポイント | 20 |
|---|