
CVSS: 9.8 • EPSS: 68% • CPEs: 2 • EXPL: 1

On D-Link DIR-823G devices, the GoAhead configuration allows /HNAP1 Command Injection via shell metacharacters in the POST data, because this data is sent directly to the "system" library function. • https://xz.aliyun.com/t/2834 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 9.8 • EPSS: 1% • CPEs: 2 • EXPL: 1

On D-Link DIR-823G devices, ExportSettings.sh, upload_settings.cgi, GetDownLoadSyslog.sh, and upload_firmware.cgi do not require authentication, which allows remote attackers to execute arbitrary code. • https://xz.aliyun.com/t/2834 • CWE-287: Improper Authentication