| tiêu đề | D-Link DNS 320/320L/321/323/325/327L Buffer Overflow |
|---|
| Mô tả | The DLINK nas DNS-320/320L/321/323/325/327L all firmware version has a command injection vulnerability in cgi_set_cover function of the file /cgi-bin/photocenter_mgr.cgi. The variable album_name is passed from a POST request and is assigned to v1 via the sprintf function at line 21 and invoked by the system command, the SpecSymbol2BackSlash function did not work which leads to command execution. |
|---|
| Nguồn | ⚠️ https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_set_cover.md |
|---|
| Người dùng | BuaaI0TTeam (UID 73421) |
|---|
| Đệ trình | 13/08/2024 10:44 (cách đây 2 những năm) |
|---|
| Kiểm duyệt | 15/08/2024 07:27 (2 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 274726 [D-Link DNS-1550-04 đến 20240814 photocenter_mgr.cgi cgi_set_cover album_name tràn bộ đệm] |
|---|
| điểm | 20 |
|---|