PT-2020-19218 · D Link · D-Link Dsl-Gs225
Nizam Abdallah
·
Published
2020-04-10
·
Updated
2020-04-13
·
CVE-2020-6765
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
D-Link DSL-GS225 J1 AU version 1.0.4
Description
The issue allows an admin to execute OS commands by placing shell metacharacters after a supported CLI command. This can be demonstrated by using the command
ping -c1 127.0.0.1; cat /etc/passwd. The CLI is reachable by TELNET.Recommendations
For D-Link DSL-GS225 J1 AU version 1.0.4, consider disabling the TELNET access to the CLI until a patch is available. Restrict access to the CLI to minimize the risk of exploitation. Avoid using shell metacharacters after supported CLI commands.
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
D-Link Dsl-Gs225