Command injection

2022-02-0402:15:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

50.9%

JSON

D-Link device DIR_878_FW1.30B08_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request.

CPENameOperatorVersion
dir-878_firmwareeq<= 1.20b5
dir-878_firmwareeq1.30b8 hotfix2beta

CPE	Name	Operator	Version
	dir-878_firmware	eq	<= 1.20b5
	dir-878_firmware	eq	1.30b8 hotfix2beta

References

github.com/pjqwudi/my_vuln/blob/main/D-link/vuln_1/1.md

supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10286

www.dlink.com/en/security-bulletin/

0.001 Low

EPSS

Percentile

50.9%

JSON

Related for PRION:CVE-2021-44882