D-Link · D-Link DSL-GS225 · CVE-2020-6765
**Name of the Vulnerable Software and Affected Versions**
D-Link DSL-GS225 J1 AU version 1.0.4
**Description**
The issue allows an admin to execute OS commands by placing shell metacharacters after a supported CLI command. This can be demonstrated by using the command `ping -c1 127.0.0.1; cat /etc/passwd`. The CLI is reachable by TELNET.
**Recommendations**
For D-Link DSL-GS225 J1 AU version 1.0.4, consider disabling TELNET access to the CLI until a patch is available. Restrict access to the CLI to minimize the risk of exploitation. Avoid using shell metacharacters after supported CLI commands.
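The class of fix for the issue in the Description, as an added example (not D-Link firmware code): a CLI handler that validates the `ping` line against an allow-list and runs it with `execv` instead of a shell. It assumes the vulnerable pattern is the CLI handing the whole line to a shell; `build_ping_argv`, `run_ping` and the `/bin/ping` path are hypothetical names chosen for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#define MAX_ARGS 8

/* Allow-list: only characters a ping option or host needs. Anything else
 * (; | & $ ` < > / quotes, newlines) causes the whole line to be rejected. */
static int token_ok(const char *t) {
    static const char allowed[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.:-";
    return *t != '\0' && strspn(t, allowed) == strlen(t);
}

/* Split a CLI line into argv for ping. Returns argc, or -1 if rejected.
 * buf receives a private copy of the line; argv points into it. */
int build_ping_argv(const char *line, char *buf, size_t buflen,
                    char *argv[], int max_args) {
    if (strlen(line) >= buflen) return -1;
    strcpy(buf, line);
    int argc = 0;
    for (char *t = strtok(buf, " \t"); t; t = strtok(NULL, " \t")) {
        if (argc >= max_args - 1 || !token_ok(t)) return -1;
        argv[argc++] = t;
    }
    if (argc < 2 || strcmp(argv[0], "ping") != 0) return -1;
    argv[argc] = NULL;
    return argc;
}

/* Run ping without a shell: execv passes argv verbatim, so nothing in the
 * line is interpreted as shell syntax (unlike system(line) via /bin/sh). */
int run_ping(const char *line) {
    char buf[128]; char *argv[MAX_ARGS];
    if (build_ping_argv(line, buf, sizeof buf, argv, MAX_ARGS) < 0) return -1;
    execv("/bin/ping", argv);   /* assumed path; returns only on error */
    return -1;
}

int main(void) {
    const char *samples[] = { "ping -c1 127.0.0.1",   /* constructed inputs */
                              "ping -c1 127.0.0.1; cat /etc/passwd" };
    for (int i = 0; i < 2; i++) {
        char buf[128]; char *argv[MAX_ARGS];
        int n = build_ping_argv(samples[i], buf, sizeof buf, argv, MAX_ARGS);
        printf("%-40s -> %s\n", samples[i], n < 0 ? "rejected" : "accepted");
    }
    return 0;
}
```

A line arriving over TELNET must have its trailing CR/LF stripped before validation, since those characters are outside the allow-list.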