D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01, DNS-345 1.03b06, DNS-325 1.05b03, and DNS-322L 2.00b07 allow remote attackers to bypass authentication and log in with administrator permissions by passing the cgi_set_wto command in the cmd parameter, and setting the spawned session's cookie to username=admin.
oryginał ENCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDlink Dnr 326
HWDlinkwszystkie wersjeDlink Dns 320b
HWDlinkwszystkie wersjeDlink Dns 320l
HWDlinkwszystkie wersjeDlink Dns 322l
HWDlinkwszystkie wersjeDlink Dns 325
HWDlinkwszystkie wersjeDlink Dns 327l
HWDlinkwszystkie wersjeDlink Dns 345
HWDlinkwszystkie wersjeD Link Dnr 326 Firmware
OSD-Link≤ 1.40b03D Link Dns 320b Firmware
OSD-Link≤ 1.02b01D Link Dns 320l Firmware
OSD-Link≤ 1.03b04D Link Dns 322l Firmware
OSD-Link≤ 2.00b07D Link Dns 325 Firmware
OSD-Link≤ 1.05b03D Link Dns 327l Firmware
OSD-Link≤ 1.02D Link Dns 345 Firmware
OSD-Link≤ 1.03b06
Powiązane podatności
D-Link DNS-320L/325/327L/340L — zakodowane na stałe poświadczenia (hard-coded credentials)
Command injection w D-Link DNS-320/325/340L przez parametr group
Command injection w D-Link DNS-320/325/340L — zdalne wykonanie poleceń OS
The check_login function in D-Link DNR-326 before 2.10 build 03 allows remote attackers to bypass authenticati...
Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322...