A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument name leads to os command injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XDlink Dns 320
HWDlinkwszystkie wersjeDlink Dns 320 Firmware
OSDlinkwszystkie wersjeDlink Dns 320lw
HWDlinkwszystkie wersjeDlink Dns 320lw Firmware
OSDlinkwszystkie wersjeDlink Dns 325
HWDlinkwszystkie wersjeDlink Dns 325 Firmware
OSDlinkwszystkie wersjeDlink Dns 340l
HWDlinkwszystkie wersjeDlink Dns 340l Firmware
OSDlinkwszystkie wersje
Related vulnerabilities
D-Link DNS-320L/325/327L/340L — zakodowane na stałe poświadczenia (hard-coded credentials)
D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which...
The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection.
Command injection w D-Link DNS-320/325/340L przez parametr group
Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322...