EUVD-2020-27985

Malware in sbrugna...

The vulnerability in the spotifyConnect.php script of D-Link’s wireless signal amplifiers allows a hacker to execute arbitrary commands.

The vulnerability in the spotifyConnect.php microprogramming of D-Link DCH-M225 wireless signal amplifiers is related to the failure to eliminate special elements used in the operating system’s processing of the parameter userName. Exploiting this vulnerability allows a remote attacker to execute...

The vulnerability of the administrator consoles of microprogrammed software for wireless signal amplifiers from D-Link’s DCH-M225 allows a intruder to execute arbitrary commands.

The vulnerability of the administrator consoles of microprogrammed software for D-Link DCH-M225 wireless signal amplifiers is related to the lack of measures taken to neutralize special elements used in the operating system’s command processing when handling the “media renderer” parameter in the...

D-Link DCH-M225 Arbitrary OS Command Execution Vulnerability

The DCH-M225 is a Wifi portable audio extender. An arbitrary OS command execution vulnerability exists in D-Link DCH-M225 version 1.05b01 and earlier. A remote authenticated administrator can exploit this vulnerability to execute arbitrary OS commands via shell metacharacters in the media rendere...

D-Link DCH-M225 Arbitrary OS Command Execution Vulnerability (CNVD-2020-13159)

The DCH-M225 is a Wifi portable audio extender. An arbitrary OS command execution vulnerability exists in D-Link DCH-M225 1.05b01 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName...

CVE-2020-6841

D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter...

CVE-2020-6841

D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter...

CVE-2020-6842

D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name...

CVE-2020-6842

D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name...

Design/Logic Flaw

D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter...

Design/Logic Flaw

D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name...

CVE-2020-6842

D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name...

CVE-2020-6842

D-Link DCH-M225 (version 1.05b01 and earlier) is affected. The issue is a command injection where remote authenticated admins can execute arbitrary OS commands via shell metacharacters in the media renderer name, due to insufficient input sanitization. Documented impact aligns with high severity ...

CVE-2020-6841

D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter...

CVE-2020-6841

Summary: CVE-2020-6841 affects the D-Link DCH-M225 Wi‑Fi audio extender (versions 1.05b01 and earlier). The vulnerability arises in the spotifyConnect.php script where userName input is not properly neutralized, allowing an attacker to inject shell metacharacters and execute arbitrary OS commands...

PT-2020-6868 · D Link · D-Link Dch-M225

Name of the Vulnerable Software and Affected Versions: D-Link DCH-M225 versions 1.05b01 and earlier Description: The issue is related to the spotifyConnect.php script in the D-Link DCH-M225 device, where it fails to neutralize special elements used in an OS command when processing the userName...

CVE-2020-6842

D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name. Recent assessments: kevthehermit at February 22, 2020 11:00pm UTC reported: This analysis is a transcript of a public gist – Original...

CVE-2020-6841

D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter. Recent assessments: kevthehermit at February 22, 2020 10:59pm UTC reported: This analysis is a transcript of a public gist –...