4 matches found
CVE-2013-10050
An OS command injection vulnerability exists in multiple D-Link routers—confirmed on DIR-300 rev A v1.05 and DIR-615 rev D v4.13—via the authenticated toolsvct.xgi CGI endpoint. The web interface fails to properly sanitize user-supplied input in the pingIp parameter, allowing attackers with valid...
CVE-2013-10050
CVE-2013-10050 affects D-Link DIR-300 (rev A, v1.05) and DIR-615 (rev D, v4.13). An authenticated user can exploit the tools_vct.xgi CGI endpoint to inject commands via pingIp, leading to full device compromise (telnet daemon and root shell). The flaw is tied to firmware exposing tools_vct.xgi on...
CVE-2013-10050 D-Link Devices tools_vct.xgi Authenticated RCE
An OS command injection vulnerability exists in multiple D-Link routers confirmed on DIR-300 rev A v1.05 and DIR-615 rev D v4.13 via the authenticated toolsvct.xgi CGI endpoint. The web interface fails to properly sanitize user-supplied input in the pingIp parameter, allowing attackers with valid...
CVE-2013-10050 D-Link Devices tools_vct.xgi Authenticated RCE
An OS command injection vulnerability exists in multiple D-Link routers confirmed on DIR-300 rev A v1.05 and DIR-615 rev D v4.13 via the authenticated toolsvct.xgi CGI endpoint. The web interface fails to properly sanitize user-supplied input in the pingIp parameter, allowing attackers with valid...