4 matches found
CVE-2018-5371
diagping.cmd on D-Link DSL-2640U devices with firmware IM1.00 and ME1.00, and DSL-2540U devices with firmware ME1.00, allows authenticated remote attackers to execute arbitrary OS commands via shell metacharacters in the ipaddr field of an HTTP GET request...
Server side request forgery (ssrf)
diagping.cmd on D-Link DSL-2640U devices with firmware IM1.00 and ME1.00, and DSL-2540U devices with firmware ME1.00, allows authenticated remote attackers to execute arbitrary OS commands via shell metacharacters in the ipaddr field of an HTTP GET request...
CVE-2018-5371
The CVE affects D-Link DSL-2640U (firmware IM_1.00, ME_1.00) and DSL-2540U (firmware ME_1.00). The diag_ping.cmd vulnerability allows authenticated remote attackers to execute arbitrary OS commands via shell metacharacters in the ipaddr field of an HTTP GET request. This is a remote command execu...
CVE-2018-5371
diagping.cmd on D-Link DSL-2640U devices with firmware IM1.00 and ME1.00, and DSL-2540U devices with firmware ME1.00, allows authenticated remote attackers to execute arbitrary OS commands via shell metacharacters in the ipaddr field of an HTTP GET request...