exploitDog

CVE-2021-28143

Опубликовано: 11 мар. 2021

Источник: nvd

CVSS3: 8

CVSS2: 7.7

EPSS Средний

Описание

/jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows authenticated command injection via ping, ping6, or traceroute (under System Tools).

Ссылки

https://github.com/vitorespf/Advisories/blob/master/DLINK-DIR-841-command-injection.txt
Exploit
Third Party Advisory
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10207
Patch
Vendor Advisory
https://github.com/vitorespf/Advisories/blob/master/DLINK-DIR-841-command-injection.txt
Exploit
Third Party Advisory
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10207
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:dlink:dir-841_firmware:3.03:*:*:*:*:*:*:*

cpe:2.3:o:dlink:dir-841_firmware:3.04:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-841:-:*:*:*:*:*:*:*

EPSS

Процентиль: 96%

0.23127

Средний

8 High

CVSS3

7.7 High

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-6fqw-cvh4-899x

CVSS3: 8

github

больше 3 лет назад

/jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows authenticated command injection via ping, ping6, or traceroute (under System Tools).

EPSS

Процентиль: 96%

0.23127

Средний

8 High

CVSS3

7.7 High

CVSS2

Дефекты

CWE-78