| Título | D-Link DCS850L v1.02.09 Absolute Path Traversal |
|---|
| Descrição | A Path Traversal Vulnerability has been discovered in the Firmware Update Service of D-Link DCS-850L v1.02.09. The vulnerability exists in the firmware file validation process, where user-controlled input (the firmware file path) is improperly handled. During firmware validation, the service uses the open() system call with the user-supplied file path without proper sanitization. This allows an attacker to include path traversal sequences (../) in the filename parameter, causing the system to attempt to open arbitrary files outside the intended upload directory. When the firmware upgrade process attempts to validate the uploaded file, it will open and process any file specified by the attacker's crafted path, potentially exposing sensitive system files such as configuration files, password files, or other critical system data. This could lead to information disclosure of sensitive device configuration and potentially facilitate further attacks. |
|---|
| Fonte | ⚠️ https://tzh00203.notion.site/D-Link-DCS850L-v1-02-09-Path-Traversal-Vulnerability-in-Firmware-Update-2d8b5c52018a803abbc7e30e2858d084?source=copy_link |
|---|
| Utilizador | tian (UID 93438) |
|---|
| Submissão | 29/12/2025 08h55 (há 4 meses) |
|---|
| Moderação | 29/12/2025 09h23 (27 minutes later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 338635 [D-Link DCS-850L 1.02.09 Firmware Update Service uploadfirmware DownloadFile Travessia de Diretório] |
|---|
| Pontos | 17 |
|---|