D-Link DIR-820 Router OS Command Injection Vulnerability
D-Link — DIR-820 Router
- Added to KEV catalog
- 30 September 2024
- Federal remediation due date
- 21 October 2024
- Weakness classification (CWE)
- CWE-78
CISA Description
D-Link DIR-820 routers contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp.
Required action
The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
Notes
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10358 ; https://nvd.nist.gov/vuln/detail/CVE-2023-25280
More D-Link Vulnerabilities
D-Link DIR-823X Command Injection Vulnerability
D-Link Routers Buffer Overflow Vulnerability
D-Link DCS-2530L and DCS-2670L Command Injection Vulnerability
D-Link DNR-322L Download of Code Without Integrity Check Vulnerability
D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability
Is this vulnerability present in your environment?
CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.
Explore VAPT Services