CVE-2023-25280

OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the...

Basic Information

CVE State: PUBLISHED
Reserved Date: February 06, 2023
Published Date: March 16, 2023
Last Updated: October 04, 2024
Vendor: n/a
Product: n/a
Description: OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp.

CVSS Scores

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (added 2024-09-30 00:00:00 UTC) Source

References

https://www.dlink.com/en/security-bulletin/ https://github.com/migraine-sudo/D_Link_Vuln/tree/main/cmd%20Inject%20in%20pingV4Msg

Known Exploited Vulnerability Information

Source	Added Date
CISA	2024-09-30 00:00:00 UTC