A vulnerability was found in D-Link DCS-931L up to 1.13.0. Impacted is the function doSystem of the file /setSystemAdmin. Performing a manipulation of the argument AdminID results in command injection.
The attack may be initiated remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
Attack Parameters
| Metric | Value | Description |
|---|---|---|
| Attack Vector | Network | The attack can be carried out remotely |
| Attack Complexity | Low | Easy to exploit |
| Attack Requirements | None | No additional conditions |
| Privileges Required | High | Administrator privileges required |
| User Interaction | None | No user action required |

Impact Assessment
| Metric | Value | Description |
|---|---|---|
| Confidentiality | Low | Partial data disclosure |
| Integrity | Low | Partial data modification |
| Availability | Low | Partial disruption of operation |

CVSS Vector v4.0
Weakness Type (CWE)
Vulnerable Products 2
dlink:dcs-931l_firmware
dlink:dcs-931l
Known Affected Software Configurations 2
| Configuration | From (including) | Up to (excluding) |
|---|---|---|
| Dlink Dcs-931l_Firmware `cpe:2.3:o:dlink:dcs-931l_firmware:*:*:*:*:*:*:*:*` | — | <= 1.13.00 |
| Dlink Dcs-931l `cpe:2.3:h:dlink:dcs-931l:-:*:*:*:*:*:*:*` | — | — |