Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this password for the HTTP Basic Authentication needed for a change_password.csp request, which supports a "<%%25call system.exec:" string in the passwd parameter.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
DBL DBLTek设备Web服务器安全漏洞
Vulnerability Description
DBL DBLTek devices是中国得伯乐(DBL)公司的一款网关产品。web server是其中的一个Web服务器。 DBL DBLTek设备上的Web服务器存在安全漏洞。远程攻击者可通过获取管理员密码并在HTTP Basic Authentication中使用该密码利用该漏洞执行任意的操作系统命令。
CVSS Information
N/A
Vulnerability Type
N/A