An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request.
View Full Alert
Related Posts
CVE-2007-1072 (unified_ip_phone_firmware_7906g, unified_ip_phone_firmware_7911g, unified_ip_phone_firmware_7941g, unified_ip_phone_firmware_7961g, unified_ip_phone_firmware_7970g, unified_ip_phone_firmware_7971g)The command line interface (CLI) in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier allows local users to obtain privileges or cause…
CVE-2018-10691 (awk-3121_firmware)An issue was discovered on Moxa AWK-3121 1.14 devices. It is intended that an administrator can download /systemlog.log (the system log). However, the same functionality allows an attacker to download…
CVE-2018-10692 (awk-3121_firmware)An issue was discovered on Moxa AWK-3121 1.14 devices. The session cookie "Password508" does not have an HttpOnly flag. This allows an attacker who is able to execute a cross-site…