D-Link多款产品 命令注入漏洞

D-Link DNS-320, etc., are products of D-Link Corporation, a Chinese company. The D-Link DNS-320 is a NAS Network Attached Storage device. The D-Link DNS-325 is also a NAS device. The D-Link DNS-120 is a network storage adapter. Several D-Link products have command injection vulnerabilities, which...

The vulnerability of the cgi_user_add function in the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add of D-Link routers such as DNS-320, DNS-320LW, DNS-325, and DNS-340L allows a hacker to execute arbitrary code.

The vulnerability of the cgiuseradd function in the file /cgi-bin/accountmgr.cgi?cmd=cgiuseradd of D-Link routers such as DNS-320, DNS-320LW, DNS-325, and DNS-340L lies in the lack of measures to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute...