PT-2020-6492 · D Link · D-Link Dns-320

Swing +1 · Published 2020-07-16 · Updated 2023-10-10 · CVE-2020-25506

CVSS v3.1: 10
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

D-Link DNS-320 FW version 2.06B01 Revision Ax

Description

The issue is a command injection in the system_mgr.cgi component, caused by improper neutralization of special elements used in an OS command. A remote attacker can exploit it to execute arbitrary code.

Recommendations

For D-Link DNS-320 FW version 2.06B01 Revision Ax, consider disabling the system_mgr.cgi component as a temporary workaround until a patch is available. Restrict access to this component to minimize the risk of exploitation.

Exploit

Fix

Weakness Enumeration

OS Command Injection

Related Identifiers

BDU:2021-05339
CVE-2020-25506

Affected Products

D-Link Dns-320