Vulnerability Information
Vulnerability Title
D-Link Devices tools_vct.xgi Unauthenticated RCE
Vulnerability Description
An OS command injection vulnerability exists in multiple D-Link routers—confirmed on DIR-300 rev A (v1.05) and DIR-615 rev D (v4.13)—via the authenticated tools_vct.xgi CGI endpoint. The web interface fails to properly sanitize user-supplied input in the pingIp parameter, allowing attackers with valid credentials to inject arbitrary shell commands. Exploitation enables full device compromise, including spawning a telnet daemon and establishing a root shell. The vulnerability is present in firmware versions that expose tools_vct.xgi and use the Mathopd/1.5p6 web server. No vendor patch is available, and affected models are end-of-life.
CVSS Information
N/A
Vulnerability Type
Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)
Vulnerability Title
D-Link DIR-615 and D-Link DIR-300 Security Vulnerability
Vulnerability Description
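D-Link DIR-615 and D-Link DIR-300 are both wireless routers from the Chinese company D-Link. D-Link DIR-300 rev A version 1.05 and D-Link DIR-615 rev D version 4.13 contain a security vulnerability that stems from insufficient input sanitization in the tools_vct.xgi endpoint and may lead to remote code execution.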
CVSS Information
N/A
Vulnerability Type
N/A
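Detection sketch for the pingIp injection described above, as an added example that is not part of the original record or any vendor code: it scans access-log lines for requests to tools_vct.xgi whose pingIp value is not a plain IP address or hostname. The Common/Combined Log Format, the query-string placement of pingIp, the tolerated name prefix and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote_plus, urlsplit

ENDPOINT = "tools_vct.xgi"  # endpoint named in the advisory
PARAM = "pingIp"            # parameter named in the advisory
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"{LABEL}(?:\.{LABEL})*")
# Assumption: access log in Common/Combined Log Format.
REQUEST_RE = re.compile(r'"(?:GET|POST) (.+?) HTTP/[\d.]+"')

# Constructed sample lines (documentation addresses, placeholder payloads).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /tools_vct.xgi?pingIp=192.0.2.1 HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Jan/2024:10:00:05 +0000] "GET /tools_vct.xgi?pingIp=192.0.2.1%60CONSTRUCTED%60 HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Jan/2024:10:00:09 +0000] "GET /tools_vct.xgi?pingIp=example.test%0aCONSTRUCTED HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:12 +0000] "GET /index.html?pingIp=%3B HTTP/1.1" 200 100',
]


def is_plain_ping_target(value):
    """True only for an IP literal or a syntactically plain hostname."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        # fullmatch (not match/$) so a trailing newline cannot slip through.
        return len(value) <= 253 and HOSTNAME_RE.fullmatch(value) is not None


def suspicious_requests(log_lines):
    """Return (client, decoded value) for each pingIp value that is not a plain target."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/" + ENDPOINT):
            continue
        # Split on '&' by hand so a raw ';' stays inside the value.
        for pair in url.query.split("&"):
            key, _, raw = pair.partition("=")
            value = unquote_plus(raw)
            # Assumption: tolerate a path-style prefix in front of the name.
            name = unquote_plus(key).rsplit("/", 1)[-1]
            if name == PARAM and value and not is_plain_ping_target(value):
                hits.append((line.split()[0], value))
    return hits
```

Only query-string values are inspected; parameters sent in a request body do not appear in standard access logs and need proxy or packet-level visibility.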