Multiple D-Link Products CVE-2019-7298 Remote Command Injection Vulnerability

Bugtraq ID:	106814
Class:	Input Validation Error
CVE:	CVE-2019-7298
Remote:	Yes
Local:	No
Published:	Feb 01 2019 12:00AM
Updated:	Feb 01 2019 12:00AM
Credit:	David Chen (360 Enterprise Security Group)
Vulnerable:	D-Link DIR-823G 1.02B03 D-Link DIR-823G 1.02b01 D-Link DIR-823G 1.01B02 D-Link DIR-823G 1.00B02
Not Vulnerable:

Multiple D-Link Products CVE-2019-7298 Remote Command Injection Vulnerability

Multiple D-Link Products are prone to a command-injection vulnerability.

Exploiting this issue could allow an attacker to execute arbitrary commands in the context of the affected device. Failed exploit attempts will likely result in denial-of-service conditions.

D-Link DIR-823G devices with firmware through 1.02B03 are vulnerable.

Multiple D-Link Products CVE-2019-7298 Remote Command Injection Vulnerability

The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.

Multiple D-Link Products CVE-2019-7298 Remote Command Injection Vulnerability

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Multiple D-Link Products CVE-2019-7298 Remote Command Injection Vulnerability

References:

• D-Link Homepage (D-Link)
  
• leonW7/D-Link (leonW7)