Search...

CVE-2020-6842

2020-02-21T16:15:00

ID CVE-2020-6842
Type cve
Reporter cve@mitre.org
Modified 2020-02-25T16:33:00

Description

D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name.

JSON Vulners Source

Initial Source

{"id": "CVE-2020-6842", "bulletinFamily": "NVD", "title": "CVE-2020-6842", "description": "D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name.", "published": "2020-02-21T16:15:00", "modified": "2020-02-25T16:33:00", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6842", "reporter": "cve@mitre.org", "references": ["https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10152", "https://gist.github.com/jezzaaa/9d704400a7e23f988dfb4f73658678b8"], "cvelist": ["CVE-2020-6842"], "type": "cve", "lastseen": "2020-12-09T22:03:17", "edition": 6, "viewCount": 68, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:F7771BE4-3364-4037-A463-F72668C65AFA"]}], "modified": "2020-12-09T22:03:17", "rev": 2}, "score": {"value": 7.7, "vector": "NONE", "modified": "2020-12-09T22:03:17", "rev": 2}, "vulnersScore": 7.7}, "cpe": ["cpe:/o:d-link:dch-m225_firmware:1.05b01"], "affectedSoftware": [{"cpeName": "d-link:dch-m225_firmware", "name": "d-link dch-m225 firmware", "operator": "le", "version": "1.05b01"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9}, "cpe23": ["cpe:2.3:o:d-link:dch-m225_firmware:1.05b01:*:*:*:*:*:*:*"], "cwe": ["CWE-78"], "scheme": null, "affectedConfiguration": [{"cpeName": "d-link:dch-m225", "name": "d-link dch-m225", "operator": "eq", "version": "-"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:h:d-link:dch-m225:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:d-link:dch-m225_firmware:1.05b01:*:*:*:*:*:*:*", "versionEndIncluding": "1.05b01", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}]}}

{"attackerkb": [{"lastseen": "2020-11-18T06:45:24", "bulletinFamily": "info", "cvelist": ["CVE-2020-6842"], "description": "D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name.\n\n \n**Recent assessments:** \n \n**kevthehermit** at February 22, 2020 11:00pm UTC reported:\n\nThis analysis is a transcript of a public gist \u2013 Original Source \u2013 <https://gist.github.com/jezzaaa/9d704400a7e23f988dfb4f73658678b8>\n\nD-Link DCH-M225 1.04 devices allow authenticated admins to \nexecute arbitrary OS commands via shell metacharacters in the media \nrenderer name.\n\n* * *\n\n[Additional Information] \nThe vendor has stated that the device has been discontinued (as of \nApril 2018), and that they won\u2019t be patching.\n\nI have requested the vendor confirm the exploit. They have not \nresponded to this question.\n\n* * *\n\n[VulnerabilityType Other] \ncommand injection (missing input validation, escaping)\n\n* * *\n\n[Vendor of Product] \nD-Link\n\n* * *\n\n[Affected Product Code Base] \nDCH-M225 Wi-fi Range Extender \u2013 1.04\n\n* * *\n\n[Attack Type] \nLocal\n\n* * *\n\n[Attack Vectors] \nLogin to the admin console (as admin), then set the \u201cmedia renderer\u201d \nname to a string containing a single-quoted arbitrary command \nprepended by a semicolon such as telnetd. The command runs as root.\n\n* * *\n\n[Reference] \n<https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10152> \n<https://www.dlink.com.au/home-solutions/dch-m225-wi-fi-audio-extender> \n<https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf> \n<https://www.dlink.com/en/security-bulletin>\n\nAssessed Attacker Value: 1 \nAssessed Attacker Value: 2\n", "modified": "2020-06-05T00:00:00", "published": "2020-02-21T00:00:00", "id": "AKB:F7771BE4-3364-4037-A463-F72668C65AFA", "href": "https://attackerkb.com/topics/0COldqZyty/cve-2020-6842", "type": "attackerkb", "title": "CVE-2020-6842", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}]}