漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
D-Link DI-500WF-WT /usr/sbin/jhttpd msp_info.htm sub_456DE8 command injection
Vulnerability Description
A vulnerability has been found in D-Link DI-500WF-WT up to 20250511 and classified as critical. Affected by this vulnerability is the function sub_456DE8 of the file /msp_info.htm?flag=cmd of the component /usr/sbin/jhttpd. The manipulation of the argument cmd leads to command injection. The attack can be launched remotely.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Vulnerability Title
D-Link DI-500WF-WT 注入漏洞
Vulnerability Description
D-Link DI-500WF-WT是中国友讯(D-Link)公司的一款用于无线网络覆盖的设备。 D-Link DI-500WF-WT 20250511及之前版本存在注入漏洞,该漏洞源于对参数cmd的错误操作导致命令注入。
CVSS Information
N/A
Vulnerability Type
N/A