Submeter #390113: D-Link DNS 320/320L/321/323/325/327L Buffer Overflowinformação

TítuloD-Link DNS 320/320L/321/323/325/327L Buffer Overflow
DescriçãoThe DLINK nas DNS-320/320L/321/323/325/327L all firmware version has a command injection vulnerability in cgi_create_album function of the file /cgi-bin/photocenter_mgr.cgi. The variable current_path is passed from a POST request and is assigned to v5 via the sprintf function at line 41 and invoked by the system command, the shell_string_encode function did not work which leads to command execution.
Fonte⚠️ https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_create_album.md
Utilizador
 BuaaI0TTeam (UID 73421)
Submissão13/08/2024 10h37 (há 2 anos)
Moderação15/08/2024 18h01 (2 days later)
EstadoAceite
Entrada VulDB274755 [D-Link DNS-1550-04 até 20240814 photocenter_mgr.cgi cgi_create_album current_path Excesso de tampão]
Pontos20

VoltarVisão GeralPróximo

Want to stay up to date on a daily basis?

Enable the mail alert feature now!