Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
D-Link DI-500WF jhttpd version_upgrade.asp os command injection
Vulnerability Description
A security vulnerability has been detected in D-Link DI-500WF 14.04.10A1T. The impacted element is an unknown function of the file /version_upgrade.asp of the component jhttpd. The manipulation of the argument path leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
D-Link DI-500WF 安全漏洞
Vulnerability Description
D-Link DI-500WF是中国友讯(D-Link)公司的一款面板式无线接入点。 D-Link DI-500WF 14.04.10A1T版本存在安全漏洞,该漏洞源于对文件/version_upgrade.asp中参数path的错误操作导致os命令注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A