CVE-2023-25280
D-Link DIR-820 Router OS Command Injection Vulnerability
CVSS
—
Sin CVSS
EPSS
98.1%
p100
KEV
SÍ
30 sept 2024
Exploit Today
80
0-100
Publicado: — · Última mod.: —
Producto
D-Link / DIR-820 Router
Vulnerabilidad
D-Link DIR-820 Router OS Command Injection Vulnerability
Añadido a KEV
30 sept 2024
Remediar antes de
21 oct 2024
Uso conocido en ransomware
No
Descripción resumida
D-Link DIR-820 routers contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp.
Acción requerida
The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
Notas
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10358 ; https://nvd.nist.gov/vuln/detail/CVE-2023-25280
Sin CVEs relacionados por CWE o producto.