Command Injection Vulnerability in D-Link DI-7200GV2.E1
CVE-2021-46231

9.8CRITICAL

Key Information:

Vendor
D-Link
Status
Di-7200gv2 Firmware
Vendor
CVE Published:
4 February 2022

Summary

A security flaw has been identified in the D-Link DI-7200GV2.E1 that allows attackers to inject arbitrary commands through the url_en parameter in the urlrd_opt.asp function. This vulnerability poses significant risks as it enables unauthorized command execution, potentially leading to compromised devices and compromised network integrity. Users are advised to review their current firmware versions and apply necessary security updates to mitigate risks associated with this vulnerability.

References

https://www.dlink.com/en/security-bulletin/
x_refsource_MISC
https://github.com/pjqwudi/my_vuln/blob/main/D-link/vuln_...
x_refsource_MISC
https://supportannouncement.us.dlink.com/announcement/pub...
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.