PT-2020-2908 · D Link · D-Link Dir-865L
Davila Loranca +2 · Published 2020-06-03 · Updated 2022-09-02 · CVE-2020-13782
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
D-Link DIR-865L Ax version 1.20B01 Beta
Description
The issue exists due to the lack of neutralization of special elements used in an operating system command, which allows a remote attacker to execute arbitrary operating system commands. The vulnerability is related to the cgibin.exe executable file of the D-Link DIR-865L router's firmware.
Recommendations
For D-Link DIR-865L Ax version 1.20B01 Beta, consider disabling the cgibin.exe executable file as a temporary workaround until a patch is available. Restrict access to the vulnerable executable file to minimize the risk of exploitation.
Exploit
Fix
OS Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
D-Link Dir-865L