| 제목 | D-Link DCS850L v1.02.09 Absolute Path Traversal |
|---|
| 설명 | A Path Traversal Vulnerability has been discovered in the Firmware Update Service of D-Link DCS-850L v1.02.09. The vulnerability exists in the firmware file validation process, where user-controlled input (the firmware file path) is improperly handled. During firmware validation, the service uses the open() system call with the user-supplied file path without proper sanitization. This allows an attacker to include path traversal sequences (../) in the filename parameter, causing the system to attempt to open arbitrary files outside the intended upload directory. When the firmware upgrade process attempts to validate the uploaded file, it will open and process any file specified by the attacker's crafted path, potentially exposing sensitive system files such as configuration files, password files, or other critical system data. This could lead to information disclosure of sensitive device configuration and potentially facilitate further attacks. |
|---|
| 원천 | ⚠️ https://tzh00203.notion.site/D-Link-DCS850L-v1-02-09-Path-Traversal-Vulnerability-in-Firmware-Update-2d8b5c52018a803abbc7e30e2858d084?source=copy_link |
|---|
| 사용자 | tian (UID 93438) |
|---|
| 제출 | 2025. 12. 29. AM 08:55 (4 개월 ago) |
|---|
| 모더레이션 | 2025. 12. 29. AM 09:23 (27 minutes later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 338635 [D-Link DCS-850L 1.02.09 Firmware Update Service uploadfirmware DownloadFile 디렉토리 순회] |
|---|
| 포인트들 | 17 |
|---|