Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDlink Dsr 1000
HWDlinkwszystkie wersjeDlink Dsr 1000 Firmware
OSDlink< 1.08b77Dlink Dsr 1000n
HWDlinkwszystkie wersjeDlink Dsr 1000n Firmware
OSDlink< 1.08b77Dlink Dsr 150
HWDlinkwszystkie wersjeDlink Dsr 150 Firmware
OSDlink< 1.08b44Dlink Dsr 150n
HWDlinkwszystkie wersjeDlink Dsr 150n Firmware
OSDlink< 1.05b64Dlink Dsr 250
HWDlinkwszystkie wersjeDlink Dsr 250 Firmware
OSDlink< 1.08b44Dlink Dsr 250n
HWDlinkwszystkie wersjeDlink Dsr 250n Firmware
OSDlink< 1.08b44Dlink Dsr 500
HWDlinkwszystkie wersjeDlink Dsr 500 Firmware
OSDlink< 1.08b77Dlink Dsr 500n
HWDlinkwszystkie wersjeDlink Dsr 500n Firmware
OSDlink< 1.08b77
Powiązane podatności
D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passw...
The D-Link DSR-250 (3.14) DSR-1000N (2.11B201) UPnP service contains a command injection vulnerability, which ...
Buffer Overflow vulnerability in D-Link DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, DSR-1000N from 3.13 to...
An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksum...
A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary i...