Command Execution Vulnerability in D-Link DIR-816 A1

D-Link DIR-816 A1 is a wireless router from AUO Electronic Equipment Shanghai Co. A command execution vulnerability exists in the D-Link DIR-816 A1, which can be exploited to execute arbitrary commands by sending a POST request with the 'datetime' parameter to form2systime.cgi...

CVE-2018-17066

CVE-2018-17066 affects D-Link DIR-816 A2 with firmware 1.10 B05. The /goform/form2systime.cgi handler builds a command string using the HTTP datetime parameter, allowing command injection via shell metacharacters. Network-accessible in the affected device with no authentication required, and the ...