CVE-2020-25367: OS Command Injection
First published: Thu Nov 04 2021(Updated: )
A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the Captcha field to Login.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dlink Dir-823g Firmware | =1.0.2b05 | |
| Dlink Dir-823g |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this command injection vulnerability in D-Link DIR-823G devices?
The vulnerability ID for this command injection vulnerability in D-Link DIR-823G devices is CVE-2020-25367.
What is the severity level of CVE-2020-25367?
CVE-2020-25367 has a severity level of 9.8 (Critical).
What is affected by the CVE-2020-25367 vulnerability?
The CVE-2020-25367 vulnerability affects D-Link DIR-823G devices with firmware V1.0.2B05.
How can an attacker exploit the CVE-2020-25367 vulnerability?
An attacker can exploit the CVE-2020-25367 vulnerability by executing arbitrary web scripts via shell metacharacters in the Captcha field to Login.
Are D-Link DIR-823G devices without firmware V1.0.2B05 affected by CVE-2020-25367?
No, D-Link DIR-823G devices without firmware V1.0.2B05 are not affected by CVE-2020-25367.
- collector/nvd-index
- agent/weakness
- vendor/dlink
- canonical/dlink dir-823g firmware
- version/dlink dir-823g firmware/1.0.2b05
- canonical/dlink dir-823g