N/A

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11369.

N/A

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

D-Link DAP-2020 操作系统命令注入漏洞

D-Link DAP-2020是中国友讯（D-Link）公司的一个WIFI接入点。 D-Link DAP-2020 v1.01rc001 Wi-Fi 存在安全漏洞，攻击者可利用该漏洞安装执行任意代码。

N/A

N/A