Gửi #389261: Dlink Dlink DNS 320/320L/321/323/325/327L <=v1.1 Command Injectionthông tin

tiêu đềDlink Dlink DNS 320/320L/321/323/325/327L <=v1.1 Command Injection
Mô tảThe DLINK nas DNS-320/320L/321/323/325/327L all firmware version has a command injection vulnerability in cgi_photo_search function of the file /cgi-bin/photocenter_mgr.cgi. The variable filter is passed from a POST request and is assigned to v6 via the sprintf function at line 64 and invoked by the system command, the SpecSymbol2BackSlash function did not work which leads to command execution.
Nguồn⚠️ https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_photo_search.md
Người dùng
 BuaaIoTTeam (UID 73348)
Đệ trình12/08/2024 04:47 (cách đây 2 những năm)
Kiểm duyệt13/08/2024 08:17 (1 day later)
Trạng tháiđược chấp nhận
Mục VulDB274281 [D-Link DNS-1550-04 đến 20240812 photocenter_mgr.cgi sprintf filter nâng cao đặc quyền]
điểm20

TrướcTổng QuanTiếp theo

Interested in the pricing of exploits?

See the underground prices here!