CVE-2020-25367
CRITICAL 9.8
Description
A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the Captcha field to Login.
CVE Details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 11/4/2021
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
dlink:dir-823g
dlink:dir-823g_firmware
Weaknesses (CWE)
CWE-78
References
http://d-link.com (cve@mitre.org)
https://github.com/sek1th/iot/blob/master/dir823g_3.md (cve@mitre.org)
https://www.dlink.com/en/security-bulletin/ (cve@mitre.org)
http://d-link.com (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/sek1th/iot/blob/master/dir823g_3.md (af854a3a-2127-422b-91ae-364da2661108)
https://www.dlink.com/en/security-bulletin/ (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.