EUVD-2020-27985

Malware in sbrugna...

D-Link DCH-M225 Arbitrary OS Command Execution Vulnerability

The DCH-M225 is a Wifi portable audio extender. An arbitrary OS command execution vulnerability exists in D-Link DCH-M225 version 1.05b01 and earlier. A remote authenticated administrator can exploit this vulnerability to execute arbitrary OS commands via shell metacharacters in the media rendere...

D-Link DCH-M225 Arbitrary OS Command Execution Vulnerability (CNVD-2020-13159)

The DCH-M225 is a Wifi portable audio extender. An arbitrary OS command execution vulnerability exists in D-Link DCH-M225 1.05b01 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName...

CVE-2020-6841

D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter...

CVE-2020-6841

D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter...

CVE-2020-6842

D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name...

CVE-2020-6842

D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name...

Design/Logic Flaw

D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name...

Design/Logic Flaw

D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter...

CVE-2020-6842

D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name...

CVE-2020-6842

D-Link DCH-M225 (version 1.05b01 and earlier) is affected. The issue is a command injection where remote authenticated admins can execute arbitrary OS commands via shell metacharacters in the media renderer name, due to insufficient input sanitization. Documented impact aligns with high severity ...

CVE-2020-6841

D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter...

CVE-2020-6841

Summary: CVE-2020-6841 affects the D-Link DCH-M225 Wi‑Fi audio extender (versions 1.05b01 and earlier). The vulnerability arises in the spotifyConnect.php script where userName input is not properly neutralized, allowing an attacker to inject shell metacharacters and execute arbitrary OS commands...

CVE-2020-6842

D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name. Recent assessments: kevthehermit at February 22, 2020 11:00pm UTC reported: This analysis is a transcript of a public gist – Original...

CVE-2020-6841

D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter. Recent assessments: kevthehermit at February 22, 2020 10:59pm UTC reported: This analysis is a transcript of a public gist –...

PT-2020-6868 · D Link · D-Link Dch-M225

Name of the Vulnerable Software and Affected Versions: D-Link DCH-M225 versions 1.05b01 and earlier Description: The issue is related to the spotifyConnect.php script in the D-Link DCH-M225 device, where it fails to neutralize special elements used in an OS command when processing the userName...