| タイトル | D-Link DCS850L v1.02.09 Absolute Path Traversal |
|---|
| 説明 | A Path Traversal Vulnerability has been discovered in the Firmware Update Service of D-Link DCS-850L v1.02.09. The vulnerability exists in the firmware file validation process, where user-controlled input (the firmware file path) is improperly handled. During firmware validation, the service uses the open() system call with the user-supplied file path without proper sanitization. This allows an attacker to include path traversal sequences (../) in the filename parameter, causing the system to attempt to open arbitrary files outside the intended upload directory. When the firmware upgrade process attempts to validate the uploaded file, it will open and process any file specified by the attacker's crafted path, potentially exposing sensitive system files such as configuration files, password files, or other critical system data. This could lead to information disclosure of sensitive device configuration and potentially facilitate further attacks. |
|---|
| ソース | ⚠️ https://tzh00203.notion.site/D-Link-DCS850L-v1-02-09-Path-Traversal-Vulnerability-in-Firmware-Update-2d8b5c52018a803abbc7e30e2858d084?source=copy_link |
|---|
| ユーザー | tian (UID 93438) |
|---|
| 送信 | 2025年12月29日 08:55 (4 月 ago) |
|---|
| モデレーション | 2025年12月29日 09:23 (27 minutes later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 338635 [D-Link DCS-850L 1.02.09 Firmware Update Service uploadfirmware DownloadFile ディレクトリトラバーサル] |
|---|
| ポイント | 17 |
|---|