CVE-2023-0127: Command Injection
First published: Sat Feb 11 2023(Updated: )
A command injection vulnerability in the firmware_update command, in the device's restricted telnet interface, allows an authenticated attacker to execute arbitrary commands as root.
Credit: vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dlink Dwl-2600ap Firmware | =4.2.0.17 | |
| Dlink Dwl-2600ap |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-0127?
The severity of CVE-2023-0127 is classified as high due to its potential for remote command execution by an authenticated attacker.
How do I fix CVE-2023-0127?
To fix CVE-2023-0127, update the Dlink DWL-2600AP firmware to the latest version provided by the vendor.
Who is affected by CVE-2023-0127?
CVE-2023-0127 affects devices running the Dlink DWL-2600AP firmware version 4.2.0.17.
What kind of attacks can result from CVE-2023-0127?
CVE-2023-0127 allows an authenticated attacker to execute arbitrary commands as root, leading to full system compromise.
Is CVE-2023-0127 exploitable remotely?
CVE-2023-0127 is not exploitable remotely as it requires authenticated access through the device's restricted telnet interface.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/tags
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- vendor/dlink
- canonical/dlink dwl-2600ap firmware
- version/dlink dwl-2600ap firmware/4.2.0.17
- canonical/dlink dwl-2600ap