Submeter #390117: D-Link DNS 320/320L/321/323/325/327L Buffer Overflowinformação

TítuloD-Link DNS 320/320L/321/323/325/327L Buffer Overflow
DescriçãoThe DLINK nas DNS-320/320L/321/323/325/327L all firmware version has a command injection vulnerability in cgi_del_photo function of the file /cgi-bin/photocenter_mgr.cgi. The variable current_path is passed from a POST request and is assigned to v6 via the sprintf function at line 29. It is then passed into v5 and invoked by the system command, the SpecSymbol2BackSlash function did not work which leads to command execution.
Fonte⚠️ https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_del_photo.md
Utilizador
 BuaaI0TTeam (UID 73421)
Submissão13/08/2024 10h51 (há 2 anos)
Moderação15/08/2024 07h27 (2 days later)
EstadoAceite
Entrada VulDB274727 [D-Link DNS-1550-04 até 20240814 photocenter_mgr.cgi cgi_del_photo current_path Excesso de tampão]
Pontos20

VoltarVisão GeralPróximo

Interested in the pricing of exploits?

See the underground prices here!