OS Command Injection Vulnerability in D-Link DIR820LA1_FW105B03 Allows Attackers to Escalate Privileges to Root
CVE-2023-25280

9.8CRITICAL

Key Information:

Vendor
D-Link
Status
Dir820la1 Firmware
Vendor
CVE Published:
16 March 2023

Badges

πŸ’° RansomwareπŸ‘Ύ Exploit ExistsπŸ¦… CISA ReportedπŸ“° News Worthy

Summary

An OS Command injection vulnerability exists in D-Link DIR-820L router, where crafted payloads directed at the ping_addr parameter can lead to unauthorized privilege escalation to root. Attackers can exploit this vulnerability by sending specially constructed input to the affected router, which may result in significant security breaches. Users of the DIR-820L should take immediate precautions to mitigate the risks associated with this vulnerability.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.

The CISA's recommendation is: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.

News Articles

favicon imageSC Media

SAP, D-Link flaws among 4 added to Known Exploited Vulnerabilities catalog

Older, unpatched vulnerabilities remain a risk for organizations.

3 months ago

favicon imageSecurity Affairs

U.S. CISA adds D-Link DIR-820 Router, DrayTek Multiple Vigor Router, Motion Spell GPAC, SAP Commerce Cloud bugs to its Known Exploited Vulnerabilities catalog

CISA adds D-Link Routers, DrayTek Multiple Vigor Router, Motion Spell GPAC, SAP Commerce Cloud bugs to Known Exploited Vulnerabilities catalog

4 months ago

favicon imageGBHackers

CISA Warns of Four Vulnerabilities that Exploited Actively in the Wild

CISA Warns of Four Vulnerabilities that Exploited Actively in the Wild. CVE-2023-25280, CVE-2020-15415, CVE-2021-4043, CVE-2019-0344

4 months ago

References

https://www.dlink.com/en/security-bulletin/
https://github.com/migraine-sudo/D_Link_Vuln/tree/main/cm...

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • πŸ’°

    Used in Ransomware

  • πŸ‘Ύ

    Exploit known to exist

  • πŸ¦…

    CISA Reported

  • πŸ“°

    First article discovered by Palo Alto Networks

  • Vulnerability published

  • Vulnerability Reserved

.