PT-2022-1557 · D Link · Di-7200Gv2.E1

Published

2022-01-10

Updated

2022-03-10

CVE-2021-46232

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions D-Link device DI-7200GV2.E1 version 21.04.09E1

Description The issue is related to a command injection vulnerability in the version upgrade.asp function. This vulnerability allows attackers to execute arbitrary commands via the path parameter. The vulnerability is caused by insufficient input validation when processing the path parameter, which can be exploited by a remote attacker to execute arbitrary commands.

Recommendations For D-Link device DI-7200GV2.E1 version 21.04.09E1, consider disabling the version upgrade.asp function until a patch is available to prevent exploitation of the command injection vulnerability via the path parameter. Restrict access to the version upgrade.asp function to minimize the risk of exploitation. Avoid using the path parameter in the affected function until the issue is resolved.

Fix

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

BDU:2022-00774

CVE-2021-46232

Affected Products

Di-7200Gv2.E1

PT-2022-1557 · D Link · Di-7200Gv2.E1

CVE-2021-46232

Weakness Enumeration

Related Identifiers

Affected Products

References · 8