4 matches found
Remote code execution
Remote Code Execution RCE vulnerability exists in D-Link Router DIR-846 DIR846A1FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicious users can use this vulnerability to use "\ " or backticks to bypass the shell metacharacters in the ssid0 or ssid1 parameters to execute arbitrary commands.Th...
CVE-2021-46319
CVE-2021-46319 is linked to a D-Link DIR-846 RCE issue previously observed as CVE-2019-17509. Connected sources describe a remote code execution path in DIR-846 devices, where an attacker can bypass shell metacharacters in ssid0/ssid1 via crafted input to execute arbitrary OS commands as root (e....
YouPHPTube /objects/subscribeNotify.json.php user_id SQL injection vulnerability
Summary An exploitable SQL injection vulnerability exist in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing...
CVE-2019-17509
CVE-2019-17509 affects D-Link DIR-846 devices with firmware 100A35. Remote attackers with admin access can execute arbitrary OS commands as root by sending a crafted /HNAP1/ SetMasterWLanSettings request to /squashfs-root/www/HNAP1/control/SetMasterWLanSettings.php using shell metacharacters. The...