CVE-2022-1262
https://notcve.org/view.php?id=CVE-2022-1262
A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root. Una vulnerabilidad de inyección de comandos en el binario de protesta permite a un atacante con acceso a la interfaz de línea de comandos remota ejecutar comandos arbitrarios como root • https://www.tenable.com/security/research/tra-2022-09 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2021-28144 – D-Link DIR-3060 1.11b04 Command Injection
https://notcve.org/view.php?id=CVE-2021-28144
prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows remote authenticated users to inject arbitrary commands in an admin or root context because SetVirtualServerSettings calls CheckArpTables, which calls popen unsafely. El archivo prog.cgi en los dispositivos D-Link DIR-3060 versiones anteriores a 1.11b04 HF2, permite a usuarios autenticados remoto inyectar comandos arbitrarios en un contexto de administrador o root porque la función SetVirtualServerSettings llama a CheckArpTables, que llama a popen de manera no segura D-Link DIR-3060 versions 1.11b04 and below suffer from an authenticated command injection vulnerability. • http://packetstormsecurity.com/files/161757/D-Link-DIR-3060-1.11b04-Command-Injection.html http://seclists.org/fulldisclosure/2021/Mar/23 https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10208 https://www.iot-inspector.com/blog/advisory-d-link-dir-3060 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •