CVE-2019-15527: OS Command Injection
First published: Fri Aug 23 2019(Updated: )
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the MaxIdTime field to SetWanSettings.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dlink Dir-823g Firmware | =1.0.2b05 | |
| Dlink Dir-823g |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2019-15527?
CVE-2019-15527 is a vulnerability found on D-Link DIR-823G devices with firmware V1.0.2B05, allowing command injection through HNAP1 with authentication.
How severe is CVE-2019-15527?
CVE-2019-15527 has a severity rating of 8.8, which is considered critical.
How does CVE-2019-15527 affect D-Link DIR-823G devices?
CVE-2019-15527 affects D-Link DIR-823G devices with firmware V1.0.2B05, allowing command injection through HNAP1 (exploitable with authentication) using shell metacharacters in the MaxIdTime field to SetWanSettings.
Is D-Link DIR-823G firmware 1.0.2B05 vulnerable to CVE-2019-15527?
Yes, D-Link DIR-823G firmware 1.0.2B05 is vulnerable to CVE-2019-15527.
How can I fix CVE-2019-15527 on my D-Link DIR-823G device?
To fix CVE-2019-15527 on D-Link DIR-823G devices, it is recommended to update the firmware to a version that addresses the vulnerability.
- collector/nvd-index
- agent/references
- agent/type
- vendor/dlink
- canonical/dlink dir-823g firmware
- version/dlink dir-823g firmware/1.0.2b05
- canonical/dlink dir-823g