CVE-2015-2049

Опубликовано: 23 фев. 2015

Источник: nvd

CVSS2: 9

EPSS Высокий

Описание

Unrestricted file upload vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension.

Комментарий

CWE-434: Unrestricted Upload of File with Dangerous Type

Ссылки

http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10049
Vendor Advisory
http://www.kb.cert.org/vuls/id/377348
Third Party Advisory
US Government Resource
https://www.exploit-db.com/exploits/39192/
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10049
Vendor Advisory
http://www.kb.cert.org/vuls/id/377348
Third Party Advisory
US Government Resource
https://www.exploit-db.com/exploits/39192/

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:dlink:dcs-931l_firmware:*:*:*:*:*:*:*:*

Версия до 1.04 (включая)

cpe:2.3:h:dlink:dcs-931l:-:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.82874

Высокий

9 Critical

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-2w2w-m9f2-6x9q

github

больше 3 лет назад