| tiêu đề | D-Link DCS700l v1.03.09 Command Injection |
|---|
| Mô tả | A Command Injection vulnerability has been discovered in the LightSensorControl parameter of D-Link DCS700l v1.03.09. The vulnerability arises from improper handling of user-controlled input, which is passed directly into a system command without sufficient sanitization. The LightSensorControl parameter is incorporated into a shell command (gpio lightcontrol %s &), and an attacker can manipulate it to inject arbitrary shell commands. This allows remote execution of malicious commands on the device, potentially compromising its integrity, leaking sensitive information, and facilitating further attacks. The lack of input validation and sanitization makes the device susceptible to malicious input exploitation. |
|---|
| Nguồn | ⚠️ https://tzh00203.notion.site/D-Link-DCS700l-v1-03-09-Command-Injection-Vulnerability-in-LightSensorControl-Parameter-2e6b5c52018a80ada0f6d7e72efd7a45?source=copy_link |
|---|
| Người dùng | tian (UID 93438) |
|---|
| Đệ trình | 12/01/2026 14:45 (cách đây 6 các tháng) |
|---|
| Kiểm duyệt | 25/01/2026 15:14 (13 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 342815 [D-Link DCS700l 1.03.09 Web Form /setDayNightMode LightSensorControl nâng cao đặc quyền] |
|---|
| điểm | 17 |
|---|