PT-2021-17250 · D Link · D-Link Dir-816 A2

Published

2021-04-14

Updated

2021-04-20

CVE-2021-27113

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: D-Link DIR-816 A2 version 1.10 B05

Description: An issue was discovered where an HTTP request parameter is used in command string construction within the handler function of the "/goform/addRouting" route. This could lead to command injection via shell metacharacters.

Recommendations: For D-Link DIR-816 A2 version 1.10 B05, as a temporary workaround, consider restricting access to the "/goform/addRouting" route until a patch is available. Avoid using shell metacharacters in the HTTP request parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2021-27113

Affected Products

D-Link Dir-816 A2

PT-2021-17250 · D Link · D-Link Dir-816 A2

CVE-2021-27113

Weakness Enumeration

Related Identifiers

Affected Products

References · 4