Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via shell metacharacters in a crafted /HNAP1 request. This occurs when the GetNetworkTomographyResult function calls the system function with an untrusted input parameter named Address. Consequently, an attacker can execute any command remotely when they control this input.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
D-Link DIR-823G 操作系统命令注入漏洞
Vulnerability Description
D-Link DIR-823G是中国台湾友讯(D-Link)公司的一款无线路由器。 使用1.02B03之前版本固件的D-Link DIR-823G中存在操作系统命令注入漏洞。攻击者可通过发送带有shell元字符的特制/HNAP1请求利用该漏洞执行任意的操作系统命令。
CVSS Information
N/A
Vulnerability Type
N/A