8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD
Description
An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. An authenticated attacker may execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals.
Affected (4)
Products: Dlink: Dwr 116 Firmware, Dwr 512 Firmware, Dwr 912 Firmware, Dwr 111 Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.06 |
| Running on/with | Platform Versions |
|---|---|
Dlink Dwr 116 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 2.02 |
| Running on/with | Platform Versions |
|---|---|
Dlink Dwr 512 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 2.02 |
| Running on/with | Platform Versions |
|---|---|
Dlink Dwr 921 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.01 |
| Running on/with | Platform Versions |
|---|---|
Dlink Dwr 111 | All versions |
References (4)
Source: cve@mitre.org
ExploitMailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitMailing ListThird Party Advisory
Timeline
No history available yet.