An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is an ability to escape to a shell in the restricted command line interface, as demonstrated by the /bin/sh -c wget
sequence.
CPE | Name | Operator | Version |
---|---|---|---|
6600-ap_firmware | eq | 4.2.0.14 | |
dwl-3600ap_firmware | eq | 4.2.0.14 |