Gửi #304661: D-LINK DNS-340L, DNS-320L, DNS-327L, DNS-325 Version 1.11, Version 1.00.0409.2013, Version 1.09, Version 1.08, Version 1.03.0904.2013, Version 1.01 Command Injection, Backdoor Accountthông tin

tiêu đềD-LINK DNS-340L, DNS-320L, DNS-327L, DNS-325 Version 1.11, Version 1.00.0409.2013, Version 1.09, Version 1.08, Version 1.03.0904.2013, Version 1.01 Command Injection, Backdoor Account
Mô tảThe described vulnerability affects multiple D-Link NAS devices, including models DNS-340L, DNS-320L, DNS-327L, and DNS-325, among others. The vulnerability lies within the nas_sharing.cgi uri, which is vulnerable due to two main issues: a backdoor facilitated by hardcoded credentials, and a command injection vulnerability via the system parameter. This exploitation could lead to arbitrary command execution on the affected D-Link NAS devices, granting attackers potential access to sensitive information, system configuration alteration, or denial of service, by specifying a command, affecting over 92,000 devices on the Internet.
Nguồn⚠️ https://github.com/netsecfish/dlink
Người dùng netsecfish (UID 64568)
Đệ trình26/03/2024 13:09 (cách đây 2 những năm)
Kiểm duyệt03/04/2024 20:23 (8 days later)
Trạng tháiđược chấp nhận
Mục VulDB259284 [D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L đến 20240403 HTTP GET Request /cgi-bin/nas_sharing.cgi system nâng cao đặc quyền]
điểm20

Want to know what is going to be exploited?

We predict KEV entries!