Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set an arbitrary file on the router's filesystem as the log file used by either Quagga service (zebra or ripd). Subsequent log messages will be appended to the file, prefixed by a timestamp and some logging metadata. Remote code execution can be achieved by using this vulnerability to append to a shell script on the router's filesystem, and then awaiting or triggering the execution of that script. A remote, unauthenticated root shell can easily be obtained on the device in this fashion.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
D-Link DIR-2640 路径遍历漏洞
Vulnerability Description
D-Link DIR-2640是中国台湾友讯(D-Link)公司的一款高功率 Wi-Fi 路由器。 D-Link DIR-2640 Quagga 1.11B02及其之前版本存在路径遍历漏洞,该漏洞源于软件对于路径参数缺少有效的过滤,攻击者可以利用此漏洞进行远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A