Описание
An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is an ability to escape to a shell in the restricted command line interface, as demonstrated by the /bin/sh -c wget sequence.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- Vendor Advisory
- Vendor Advisory
- ExploitThird Party AdvisoryVDB Entry
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:dlink:6600-ap_firmware:4.2.0.14:*:*:*:*:*:*:*
cpe:2.3:h:dlink:6600-ap:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:dlink:dwl-3600ap_firmware:4.2.0.14:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dwl-3600ap:-:*:*:*:*:*:*:*
EPSS
Процентиль: 24%
0.00083
Низкий
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-78
Связанные уязвимости
github
больше 3 лет назад
An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is an ability to escape to a shell in the restricted command line interface, as demonstrated by the `/bin/sh -c wget` sequence.
EPSS
Процентиль: 24%
0.00083
Низкий
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-78