PT-2019-4007 · D Link · D-Link Dba-1510P

Goroh_Kun

Publicado

2019-10-04

Atualizado

2020-01-07

CVE-2019-6014

CVSS v3.1

8.8

Alta

Vetor

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions D-Link DBA-1510P versions 1.70b009 and earlier

Description The issue is related to the lack of measures to neutralize special elements used in operating system commands, which can be exploited by a remote attacker to execute arbitrary commands via the Web User Interface.

Recommendations For D-Link DBA-1510P versions 1.70b009 and earlier, update the firmware to a version later than 1.70b009 to resolve the issue. As a temporary workaround, consider restricting access to the Web User Interface to minimize the risk of exploitation.

Correção

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78

Identificadores relacionados

BDU:2019-04538

CVE-2019-6014

Produtos afetados

D-Link Dba-1510P

PT-2019-4007 · D Link · D-Link Dba-1510P

CVE-2019-6014

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10