Lucene search

TwcertCVELIST:CVE-2020-12774

HistoryJul 22, 2020 - 7:20 a.m.

CVE-2020-12774 D-Link DSL-7740C - Command Injection

2020-07-2207:20:17

CWE-78

twcert

www.cve.org

d-link dsl-7740c

command injection

arbitrary command

authenticated lan user

cve-2020-12774

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

Percentile

13.1%

JSON

D-Link DSL-7740C does not properly validate user input, which allows an authenticated LAN user to inject arbitrary command.

CNA Affected

[
  {
    "product": "DSL-7740C",
    "vendor": "D-Link",
    "versions": [
      {
        "lessThanOrEqual": "DSL7740C.V6.TR069.20180723",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-3802-27204-1.html

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

Percentile

13.1%

JSON

Related for CVELIST:CVE-2020-12774