OS Command Injection Vulnerability in D-Link DIR820LA Router
CVE-2023-25279

9.8CRITICAL

Key Information:

Vendor: D-Link
Status: Dir-820l Firmware
Vendor: CVE Published:; 13 March 2023

Summary

An OS command injection vulnerability exists in the firmware of the D-Link DIR820LA router, specifically version 1.05B03. This vulnerability allows attackers to craft specific payloads capable of escalating privileges to root level. Exploiting this flaw can lead to unauthorized access and potential control over the affected device, threatening the integrity of the user's network. It is crucial for users to apply the latest security updates from D-Link to mitigate this risk and protect their systems.

References

https://www.dlink.com/en/security-bulletin/

https://github.com/migraine-sudo/D_Link_Vuln/tree/main/cm...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 13, 2023
Vulnerability Reserved
Feb 6, 2023