Описание
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/NTPSyncWithHost route. This could lead to command injection via shell metacharacters.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Одновременно
EPSS
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
Связанные уязвимости
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/NTPSyncWithHost route. This could lead to command injection via shell metacharacters.
Уязвимость функции NTPSyncWithHost микропрограммного обеспечения маршрутизаторов D-Link DIR-816 A2, позволяющая нарушителю выполнить произвольные команды
EPSS
9.8 Critical
CVSS3
10 Critical
CVSS2