silversurfer
Multiple D-Link routers have vulnerabilities in their Common Gateway Interface (CGI) that, if exploited, could result in remote code execution.
The Carnegie Mellon University Software Engineering Institute’s CERT/CC reported the CGI codes have two flaws: The /apply_sec.cgi code is exposed to unauthenticated users and the ping_ipaddr argument of the ping_test action fails to properly handle newline characters.
The products affected are the DIR-655, DIR-866L, DIR-652, DHP-1565, DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835 and DIR-825.
There is currently no patch, update or workaround available for these problems. Additionally, D-Link no longer supports the affected routers.
Unsupported D-Link routers vulnerable to RCE flaws
www.scmagazine.com
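
With no patch or workaround available, one option for defenders is to flag requests matching the two reported flaws at a proxy or in captured traffic. The following is an added example, not part of the original post or the CERT/CC report; the `action` form-field name, the `authenticated` flag and the sample requests are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs

# Assumption: the action arrives as a form field named "action". The page only
# names the /apply_sec.cgi path, the ping_test action and the ping_ipaddr argument.
CGI_PATH = "/apply_sec.cgi"
HOSTNAME_RE = re.compile(r"(?=.{1,253}\Z)([A-Za-z0-9-]{1,63}\.)*[A-Za-z0-9-]{1,63}\Z")

def is_plain_ping_target(value):
    """True only for a bare IP address or hostname, nothing else."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return bool(HOSTNAME_RE.match(value))

def inspect_request(path, body, authenticated):
    """Return a list of findings for one captured HTTP request.

    `authenticated` is supplied by the caller (assumption: the capture source
    can tell whether the request carried a valid session).
    """
    findings = []
    if path.split("?", 1)[0] != CGI_PATH:
        return findings
    if not authenticated:
        findings.append("unauthenticated request to " + CGI_PATH)
    # parse_qs percent-decodes values, so an encoded newline becomes "\n".
    fields = parse_qs(body, keep_blank_values=True)
    if "ping_test" in fields.get("action", []):
        for target in fields.get("ping_ipaddr", []):
            if "\n" in target or "\r" in target:
                findings.append("newline in ping_ipaddr")
            elif not is_plain_ping_target(target):
                findings.append("unexpected characters in ping_ipaddr")
    return findings

# Constructed sample requests (path, body, authenticated), not real traffic.
SAMPLES = [
    ("/apply_sec.cgi", "action=ping_test&ping_ipaddr=192.0.2.10", True),
    ("/apply_sec.cgi", "action=ping_test&ping_ipaddr=192.0.2.10%0AEXTRA", False),
    ("/index.html", "", False),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[0], inspect_request(*sample))
```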