diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ME_1.00, and DSL-2540U devices with firmware ME_1.00, allows authenticated remote attackers to execute arbitrary OS commands via shell metacharacters in the ipaddr field of an HTTP GET request.
CPE | Name | Operator | Version |
---|---|---|---|
dsl-2540u_firmware | eq | me-1.0 | |
dsl-2640u_firmware | eq | im-1.0 | |
dsl-2640u_firmware | eq | me-1.0 |