PT-2023-4591 · D Link · D-Link Dar-8000-10

Pumkinbridge

Publicado

2023-08-25

Atualizado

2024-05-17

CVE-2023-4542

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions D-Link DAR-8000-10 up to 20230809

Description A critical issue affects the file /app/sys1.php, where the manipulation of the cmd argument with the input id leads to os command injection. This can be initiated remotely. The exploit has been disclosed publicly and may be used. The issue is related to errors in processing the invoked URL address, allowing a remote attacker to execute arbitrary commands.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78

Identificadores relacionados

BDU:2023-04998

CVE-2023-4542

Produtos afetados

D-Link Dar-8000-10

PT-2023-4591 · D Link · D-Link Dar-8000-10

CVE-2023-4542

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10