PT-2020-16466 · D Link · D-Link Dap-1360

Assaf Vilmovski

Published

2020-10-06

Updated

2021-07-21

CVE-2020-26582

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions D-Link DAP-1360U versions prior to 3.0.1

Description The issue allows remote authenticated users to execute arbitrary commands via shell metacharacters in the IP JSON value for ping, specifically through the res config action=3&res config id=18 parameter.

Recommendations For D-Link DAP-1360U versions prior to 3.0.1, update to version 3.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the ping functionality with res config action=3&res config id=18 until a patch is applied.

Exploit

Fix

RCE

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-78

Related Identifiers

BDU:2021-00106

CVE-2020-26582

Affected Products

D-Link Dap-1360

PT-2020-16466 · D Link · D-Link Dap-1360

CVE-2020-26582

Weakness Enumeration

Related Identifiers

Affected Products

References · 20