Описание
D-Link DCS-825L firmware v1.08.01 contains a vulnerability in the watchdog script mydlink-watch-dog.sh, which blindly respawns binaries such as dcp and signalc without verifying integrity, authenticity, or permissions. An attacker with local filesystem access (via physical access, firmware modification, or debug interfaces) can replace these binaries with malicious payloads. The script executes these binaries as root in an infinite loop, leading to persistent privilege escalation and arbitrary code execution. This issue is mitigated in v1.09.02, but the product is officially End-of-Life and unsupported.
Ссылки
- ExploitThird Party Advisory
- Product
- Not Applicable
Уязвимые конфигурации
Одновременно
EPSS
6.6 Medium
CVSS3
Дефекты
Связанные уязвимости
D-Link DCS-825L firmware v1.08.01 contains a vulnerability in the watchdog script `mydlink-watch-dog.sh`, which blindly respawns binaries such as `dcp` and `signalc` without verifying integrity, authenticity, or permissions. An attacker with local filesystem access (via physical access, firmware modification, or debug interfaces) can replace these binaries with malicious payloads. The script executes these binaries as root in an infinite loop, leading to persistent privilege escalation and arbitrary code execution. This issue is mitigated in v1.09.02, but the product is officially End-of-Life and unsupported.
Уязвимость микропрограммного обеспечения сетевой камеры для видеонаблюдения D-Link DCS-825L, связанная с загрузкой кода без проверки его целостности, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код
EPSS
6.6 Medium
CVSS3