CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-0127
https://notcve.org/view.php?id=CVE-2023-0127
A command injection vulnerability in the firmware_update command, in the device's restricted telnet interface, allows an authenticated attacker to execute arbitrary commands as root. • https://www.tenable.com/security/research/tra-2023-1 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 96%CPEs: 2EXPL: 2CVE-2019-20499 – DLINK DWL-2600 - Authenticated Remote Command Injection
https://notcve.org/view.php?id=CVE-2019-20499
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_restore configRestore or configServerip parameter. Los dispositivos D-Link DWL-2600AP versión 4.2.0.15 Rev A, presentan una vulnerabilidad de inyección de comandos del Sistema Operativo autenticado por medio de la funcionalidad Restore Configuration en la interfaz web, utilizando metacaracteres de shell en el parámetro configRestore o configServerip de admin.cgi?action=config_restore. • https://www.exploit-db.com/exploits/48274 https://www.exploit-db.com/exploits/46841 http://packetstormsecurity.com/files/156952/DLINK-DWL-2600-Authenticated-Remote-Command-Injection.html https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10113 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 1CVE-2019-20500 – D-Link DWL-2600AP Access Point Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-20500
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_save configBackup or downloadServerip parameter. Los dispositivos D-Link DWL-2600AP versión 4.2.0.15 Rev A, presentan una vulnerabilidad de inyección de comandos del Sistema Operativo autenticado por medio de la funcionalidad Save Configuration en la interfaz web, utilizando metacaracteres de shell en el parámetro configBackup o downloadServerip de admin.cgi?action=config_save. D-Link DWL-2600AP access point contains an authenticated command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi? • https://www.exploit-db.com/exploits/46841 https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10113 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-20501 – D-Link DWL-2600AP - Multiple OS Command Injection
https://notcve.org/view.php?id=CVE-2019-20501
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Upgrade Firmware functionality in the Web interface, using shell metacharacters in the admin.cgi?action=upgrade firmwareRestore or firmwareServerip parameter. Los dispositivos D-Link DWL-2600AP versión 4.2.0.15 Rev A, presentan una vulnerabilidad de inyección de comandos del Sistema Operativo autenticada por medio de la funcionalidad Upgrade Firmware en la interfaz web, utilizando metacaracteres de shell en el parámetro firmwareRestore o firmwareServerip de admin.cgi?action=upgrade. • https://www.exploit-db.com/exploits/46841 https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10113 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •