Submit #640394: D-Link router DI-500WF Command Injection
| Title | D-Link router DI-500WF Command Injection |
|---|---|
| Description | in jhttpd file, version_upgrade_asp function, path paramater can be controled, and pass to system function to exec. and there is no any fliter |
| Source | ⚠️ https:/ |
| User | physicszq (UID 76531) |
| Submission | 08/23/2025 08:41 (10 months ago) |
| Moderation | 08/30/2025 18:53 (7 days later) |
| Status | Accepted |
| VulDB entry | 322044 [D-Link DI-500WF 14.04.10A1T jhttpd /version_upgrade.asp path os command injection] |
| Points | 16 |