| Название | DLink DAP-2695 v2.00RC131 CWE88 Improper Neutralization of Argument Delimiters in Command |
|---|
| Описание | During the firmware update process, in function fwupdater_main() of program rgbin. A user input optarg could be propagated to system command execution function and become part of the function parameters. During the propagation process, there is no verification on user input optarg. If the hackers control the user input optarg, they could inject and execute malicious code. This issue in the firmware update process of Dlink DAP-2695(firmware version:v2.00RC131) allows attackers to execute arbitrary code or cause denial of service via constructing a malicious command and injecting it into user input. |
|---|
| Источник | ⚠️ https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Dlink/DAP-2695.md |
|---|
| Пользователь | IOT_Res (UID 81722) |
|---|
| Представление | 11.10.2025 04:44 (8 месяцы назад) |
|---|
| Модерация | 12.10.2025 10:13 (1 day later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 328084 [D-Link DAP-2695 2.00RC131 Firmware Update rgbin fwupdater_main эскалация привилегий] |
|---|
| Баллы | 20 |
|---|