2 matches found
CVE-2022-43646
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Vimeo plugin for the xupnpd service, which listens on TCP...
CVE-2022-43646
CVE-2022-43646 affects D-Link DIR-825 (versions 1.0.9/EE). The vulnerability is in the Vimeo plugin for the xupnpd service (listening on TCP 4044) where unvalidated user-supplied strings are used to spawn a system call, allowing network-adjacent attackers to execute arbitrary code as the admin us...