First published: Thu Jan 31 2019
An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command injection vulnerability allows attackers to execute arbitrary OS commands via shell metacharacters in a crafted /HNAP1 request. This occurs because the GetNetworkTomographyResult function calls the system function with an untrusted input parameter named Address. Consequently, an attacker who controls this input can execute any command remotely.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
D-link Dir-823g Firmware | <=1.02b03 | |
Dlink Dir-823g | | |
The vulnerability ID of this issue is CVE-2019-7297.
CVE-2019-7297 has a severity rating of 9.8 (Critical).
D-Link DIR-823G devices with firmware through 1.02B03 are affected by CVE-2019-7297.
CVE-2019-7297 allows attackers to execute arbitrary OS commands through shell metacharacters in a crafted /HNAP1 request.
No, Dlink Dir-823g devices are not vulnerable to CVE-2019-7297.
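
The root cause in the description above is an untrusted Address value reaching system(). The following is an added illustration of the usual fix, not D-Link's code or patch: it validates the value against an allowlist and runs the tool without a shell. The function names `address_is_safe` and `run_ping`, and the choice of `ping` as the diagnostic command, are assumptions; the page does not say which command the firmware runs.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Allowlist check (hypothetical helper): accept only characters that can occur
 * in an IPv4/IPv6 literal or a DNS hostname. Shell metacharacters, whitespace
 * and a leading '-' (option injection) are rejected. */
int address_is_safe(const char *addr)
{
    size_t len;

    if (addr == NULL)
        return 0;
    len = strlen(addr);
    if (len == 0 || len > 253 || addr[0] == '-')
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)addr[i];
        if (!isalnum(c) && c != '.' && c != ':' && c != '-')
            return 0;
    }
    return 1;
}

/* Hardened stand-in for a system("<tool> " + Address) pattern: the value is
 * validated, then passed as a single argv element, so no shell ever parses it.
 * Returns the tool's exit status, or -1 if the input is rejected or the
 * process cannot be started. "ping" is an assumed diagnostic command. */
int run_ping(const char *addr)
{
    pid_t pid;
    int status;

    if (!address_is_safe(addr))
        return -1;              /* rejected before any process is created */
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execlp("ping", "ping", "-c", "1", addr, (char *)NULL);
        _exit(127);             /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Either measure alone closes this class of bug; using both means a gap in the allowlist still cannot reach a shell.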