2 matches found
CVE-2023-34281
D-Link DIR-2150 GetFirmwareStatus Target Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, t...
CVE-2023-34281
D‑Link DIR‑2150 is affected by CVE‑2023‑34281 due to a GetFirmwareStatus target command injection in the SOAP API interface (listening on TCP/80). The flaw lacks proper validation of a user‑supplied string that is used to execute a system call, enabling an attacker to run arbitrary code with root...