Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ME_1.00, and DSL-2540U devices with firmware ME_1.00, allows authenticated remote attackers to execute arbitrary OS commands via shell metacharacters in the ipaddr field of an HTTP GET request.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
D-Link DSL-2640U和DSL-2540U 安全漏洞
Vulnerability Description
D-Link DSL-2640U和DSL-2540U都是友讯(D-Link)公司的路由器产品。 使用IM_1.00和ME_1.00版本固件的D-Link DSL-2640U设备和使用ME_1.00版本固件的DSL-2540U设备中的diag_ping.cmd文件存在安全漏洞。远程攻击者可借助HTTP GET请求中ipaddr字段的shell元字符利用该漏洞执行任意的操作系统命令。
CVSS Information
N/A
Vulnerability Type
N/A