8 matches found
EUVD-2020-27985
Malware in sbrugna...
The vulnerability of the administrator consoles of microprogrammed software for wireless signal amplifiers from D-Link’s DCH-M225 allows a intruder to execute arbitrary commands.
The vulnerability of the administrator consoles of microprogrammed software for D-Link DCH-M225 wireless signal amplifiers is related to the lack of measures taken to neutralize special elements used in the operating system’s command processing when handling the “media renderer” parameter in the...
D-Link DCH-M225 Arbitrary OS Command Execution Vulnerability (CNVD-2020-13159)
The DCH-M225 is a Wifi portable audio extender. An arbitrary OS command execution vulnerability exists in D-Link DCH-M225 1.05b01 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName...
CVE-2020-6842
D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name...
CVE-2020-6841
D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter...
Design/Logic Flaw
D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name...
CVE-2020-6841
D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter. Recent assessments: kevthehermit at February 22, 2020 10:59pm UTC reported: This analysis is a transcript of a public gist –...
PT-2020-6868 · D Link · D-Link Dch-M225
Name of the Vulnerable Software and Affected Versions: D-Link DCH-M225 versions 1.05b01 and earlier Description: The issue is related to the spotifyConnect.php script in the D-Link DCH-M225 device, where it fails to neutralize special elements used in an OS command when processing the userName...