Описание
DLINK - DSL-224 Post-auth RCE. DLINK router version 3.0.8 has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API. It is possible to inject a command through this interface that will run with ROOT permissions on the router.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:dlink:dsl-224_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dsl-224:-:*:*:*:*:*:*:*
EPSS
Процентиль: 63%
0.0044
Низкий
9.9 Critical
CVSS3
Дефекты
CWE-77
CWE-77
Связанные уязвимости
CVSS3: 9.9
github
около 3 лет назад
DLINK - DSL-224 Post-auth PCE. DLINK router has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API. It is possible to inject a command through this interface that will run with ROOT permissions on the router.
EPSS
Процентиль: 63%
0.0044
Низкий
9.9 Critical
CVSS3
Дефекты
CWE-77
CWE-77