N/A

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DVA-2800 and DSL-2888A routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dhttpd service, which listens on TCP port 8008 by default. When parsing the path parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-10911.

N/A

在命令中使用的特殊元素转义处理不恰当(命令注入)

D-Link DVA-2800 and DSL-2888A 命令注入漏洞

D-Link DVA-2800 and DSL-2888A是美国 （D-Link）公司的一个无线路由器。提供连接网络功能。 D-Link DVA-2800 和 DSL-2888A 固件中存在命令注入漏洞，该漏洞源于外部输入数据构造可执行命令过程中，网络系统或产品未正确过滤其中的特殊元素。攻击者可利用该漏洞执行非法命令。

N/A

N/A