PT-2011-1899 · D Link · Dcs-2121

Eren Türkay

Publicado

2011-10-16

Atualizado

2012-05-14

CVE-2010-4964

CVSS v2.0

9.0

Alta

Vetor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions D-Link DCS-2121 camera version 1.04

Description The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the Password field, related to a semicolon injection. This occurs in the recorder test.cgi file.

Recommendations For version 1.04, consider restricting access to the recorder test.cgi file until a patch is available. As a temporary workaround, avoid using shell metacharacters in the Password field to minimize the risk of exploitation.

Exploit

Correção

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2010-4964

Produtos afetados

Dcs-2121

PT-2011-1899 · D Link · Dcs-2121

CVE-2010-4964

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4