1 results (0.006 seconds)

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1

A vulnerability has been found in D-Link DIR-816 A2 1.10CNB04 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/setDeviceSettings of the component Web Interface. The manipulation of the argument statuscheckpppoeuser leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/xiyuanhuaigu/cve/blob/main/rce.md https://vuldb.com/?ctiid.252139 https://vuldb.com/?id.252139 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •