Remote Command Execution Vulnerability in D-Link Media Renderer Devices
CVE-2020-6842

7.2HIGH

Key Information:

Vendor: D-Link
Status: Dch-m225 Firmware
Vendor: CVE Published:; 21 February 2020

What is CVE-2020-6842?

A remote command execution vulnerability affects D-Link DCH-M225 devices running version 1.05b01 and earlier. This flaw allows authenticated administrators to execute arbitrary operating system commands by utilizing shell metacharacters in the media renderer name. When exploited, this vulnerability can lead to unauthorized control over the affected devices, making it crucial for users to apply security patches and updates provided by D-Link.

References

https://supportannouncement.us.dlink.com/announcement/pub...

x_refsource_CONFIRM

https://gist.github.com/jezzaaa/9d704400a7e23f988dfb4f736...

x_refsource_MISC

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 21, 2020
Vulnerability Reserved
Jan 11, 2020