D-Link NAS - Command Injection via Name Parameter

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgiuseradd of the file /cgi-bin/accountmgr.cgi?cmd=cgiuseradd. The manipulation of the argument name leads to os command...

D-Link NAS - Command Injection via Group Parameter

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been rated as critical. Affected by this issue is the function cgiuseradd of the file /cgi-bin/accountmgr.cgi?cmd=cgiuseradd. The manipulation of the argument group leads to os command injection. i...

D-Link DNS-343 ShareCenter Command Execution Vulnerability

The D-Link DNS-343 ShareCenter is a network storage device from China's AUO D-Link. The D-Link DNS-343 ShareCenter suffers from a command execution vulnerability that stems from insufficient input validation in the Mail Test feature, which can be exploited by an attacker to execute arbitrary...

CVE-2018-25120

D-Link DNS-343 ShareCenter devices running firmware versions up to and including 1.05 contain a command injection vulnerability in the Mail Test functionality. The web maintenance script posts to the internal goForm endpoint '/goform/MailTest' and uses several form parameters directly in a call t...

CVE-2018-25120 D-Link DNS-343 ShareCenter <= 1.05 Command Injection via /goform/Mail_Test

D-Link DNS-343 ShareCenter devices running firmware versions up to and including 1.05 contain a command injection vulnerability in the Mail Test functionality. The web maintenance script posts to the internal goForm endpoint '/goform/MailTest' and uses several form parameters directly in a call t...

D-Link DNS-320 ShareCenter Command Injection (CVE-2019-16057)

A command injection vulnerability exists in D-Link DNS-320 ShareCenter. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to execute arbitrary commands on the affected system...

Command Execution Vulnerability in D-Link ShareCenter DNS-320 and ShareCenter DNS-325

D-Link ShareCenter DNS-320 is a Gigabit network storage device from Taiwan AUO Group.D-Link ShareCenter DNS-325 is a network storage device from Taiwan AUO Group. A command execution vulnerability exists in the D-Link ShareCenter DNS-320 and ShareCenter DNS-325. An attacker can exploit the...

D-Link DNS-325 ShareCenter < 1.05B03 - Multiple Vulnerabilities

Table of contents 00 - Introduction 00.1 Background 01 - Unrestricted File Upload 01.1 - Vulnerable code analysis 01.2 - Remote exploitation 02 - Command Injection 02.1 - Vulnerable code analysis 02.2 - Remote exploitation 03 - Credit 04 - Proof of concept 05 - Solution 06 - Contact information 0...

D-Link DNS-343 ShareCenter < 1.05 - Command Injection

Introduction The purpose of this article is to detail the research that I have recently completed regarding the D-Link DNS 343 ShareCenter. Background The D-Link ShareCenter 4-Bay Network Storage Enclosure DNS-343 connects to your network instead of to a computer so everyone on your network can...

D-Link DNS-325 ShareCenter 1.05B03 Shell Upload / Command Injection Vulnerabilities

D-Link DNS-325 ShareCenter versions 1.05B03 and below suffer from remote shell upload and command injection vulnerabilities. D-Link DNS-325 ShareCenter Multiple Vulnerabilities Released Date: 2017-XX-XX Last Modified: 2017-06-22 Company Info: D-Link Version Info: Vulnerable D-Link DNS-325...

D-Link DNS-325 ShareCenter 1.05B03 - Multiple Vulnerabilities

D-Link DNS-325 ShareCenter 1.05B03 - Multiple Vulnerabilities D-Link DNS-325 ShareCenter Multiple Vulnerabilities Vendor: D-Link Product: D-Link DNS-325 ShareCenter Version: = 1.05B03 Website: http://sharecenter.dlink.com/products/DNS-325 / / / / / / / / / / / / / / / / / / / / / \ / // / // / / ...

D-Link DNS-325 ShareCenter &lt; 1.05B03 - Multiple Vulnerabilities

D-Link DNS-325 ShareCenter Multiple Vulnerabilities Vendor: D-Link Product: D-Link DNS-325 ShareCenter Version: = 1.05B03 Website: http://sharecenter.dlink.com/products/DNS-325 / / / / / / / / / / / / / / / / / / / / / \ / // / // / / / / / / / // / / / /,/// // /// // GulfTech Research and...

D-Link DNS-343 ShareCenter 1.05 - Command Injection

D-Link DNS-343 ShareCenter 1.05 - Command Injection D-Link DNS-343 ShareCenter Remote Root Vendor: D-Link Product: D-Link DNS-343 ShareCenter Version: = 1.05 Website: http://sharecenter.dlink.com/products/DNS-343 / / / / / / / / / / / / / / / / / / / / / \ / // / // / / / / / / / // / / / /,///...

D-Link DNS-343 ShareCenter &lt; 1.05 - Command Injection

D-Link DNS-343 ShareCenter Remote Root Vendor: D-Link Product: D-Link DNS-343 ShareCenter Version: = 1.05 Website: http://sharecenter.dlink.com/products/DNS-343 / / / / / / / / / / / / / / / / / / / / / \ / // / // / / / / / / / // / / / /,/// // /// // GulfTech Research and Development D-Link...

D-Link DNS-325 ShareCenter 1.05B03 Shell Upload / Command Injection

,---.| | |---'|---.,---.,---.,---.|---.,---.,---.. .,---. | | || |---.| || || || | |---. '---'---'|---' '---' ---'---' | Phosphorus Cybersecurity, Inc. D-Link DNS-325 ShareCenter Multiple Vulnerabilities Released Date: 2017-XX-XX Last Modified: 2017-06-22 Company Info: D-Link Version Info:...

D-Link DNS-343 ShareCenter 1.05 Command Injection

/ / / / / / / / / / / / / / / / / / / / / \ / // / // / / / / / / / // / / / /,/// // /// // GulfTech Research and Development D-Link DNS-343 ShareCenter = 1.05 Command Injection Released Date: 2017-01-15 Last Modified: 2017-06-22 Company Info: D-Link Version Info: Vulnerable D-Link DNS-343...

D-Link DNS-320 Backdoor Unauthorized Access

An unauthorized access vulnerability exists in D-Link DNS-320 ShareCenter. Successful exploitation of this vulnerability could allow a remote attacker to gain administrator level access on the affected device...

D-Link DNS-320 ShareCenter < 1.06 - Backdoor Access Vulnerability

Exploit for hardware platform in category web applications DNS-320L ShareCenter Backdoor Vendor: D-Link Product: DNS-320L ShareCenter Version: = 1.06 -- Table of contents 00 - Introduction 00.1 Background 01 - Hard coded...

D-Link DNS-320L 'mydlinkBRionyg' Backdoor

Released Date: 2018-01-03 Last Modified: 2017-06-14 Company Info: D-Link Version Info: Vulnerable D-Link DNS-320L ShareCenter = 1.06 Table of contents 00 - Introduction 00.1 Background 01 - Hard coded backdoor 01.1 - Vulnerable code analysis 01.2 - Remote exploitation 02 - Credit 03 - Proof of...

D-Link DNS-320L ShareCenter Backdoor Account / Remote Root

/ / / / / / / / / / / / / / / / / / / / / \ / // / // / / / / / / / // / / / /,/// // /// // GulfTech Research and Development D-Link DNS-320L ShareCenter Backdoor Released Date: 2018-01-03 Last Modified: 2017-06-14 Company Info: D-Link Version Info: Vulnerable D-Link DNS-320L ShareCenter =...