Lucene search

PRIOn knowledge basePRION:CVE-2023-24762

HistoryMar 13, 2023 - 2:15 p.m.

Command injection

2023-03-1314:15:00

PRIOn knowledge base

www.prio-n.com

command injection

os vulnerability

d-link dir-867

localipaddress parameter

setvirtualserversettings

hnap1

9.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.7%

JSON

OS Command injection vulnerability in D-Link DIR-867 DIR_867_FW1.30B07 allows attackers to execute arbitrary commands via a crafted LocalIPAddress parameter for the SetVirtualServerSettings to HNAP1.

CPENameOperatorVersion
dir-867_firmwareeq1.30.0-b7

CPE	Name	Operator	Version
	dir-867_firmware	eq	1.30.0-b7

References

hackmd.io/@uuXne2y3RjOdpWM87fw6_A/HyPK04zho

www.dlink.com/en/security-bulletin/