CVE-2020-25506

Name of the Vulnerable Software and Affected Versions D-Link DNS-320 FW version 2.06B01 Revision Ax

Description The issue is related to command injection in the system mgr.cgi component, which can lead to remote arbitrary code execution. This occurs due to errors in neutralizing special elements in the OS command. The exploitation of this issue can allow a remote attacker to execute arbitrary code.

Recommendations For D-Link DNS-320 FW version 2.06B01 Revision Ax, consider disabling the system mgr.cgi component as a temporary workaround until a patch is available. Restrict access to this component to minimize the risk of exploitation.