First published: Sat Mar 07 2020(Updated: )
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the wps_sta_enrollee_pin parameter in a set_sta_enrollee_pin.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Dlink Dir-825 Firmware | =2.10 | |
Dlink Dir-825 | ||
Trendnet Tew-632brp Firmware | =1.010b32 | |
TRENDnet TEW-632BRP |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-10213 is a vulnerability that allows remote attackers to execute arbitrary commands on D-Link DIR-825 Rev.B 2.10 devices and TRENDnet TEW-632BRP 1.010B32.
CVE-2020-10213 has a severity rating of 8.8 (critical).
Remote attackers can exploit CVE-2020-10213 by sending a malicious POST request with a crafted wps_sta_enrollee_pin parameter to the set_sta_enrollee_pin.cgi script.
D-Link DIR-825 Rev.B 2.10 devices and TRENDnet TEW-632BRP 1.010B32 are affected by CVE-2020-10213.
At the moment, there are no official fixes or patches available for CVE-2020-10213. It is recommended to regularly check for updates from the vendors.