CVE-2023-25280 - D-Link DIR-820 Router OS Command Injection Vulnerability
Project:D-Link
Product:DIR-820 Router
Date Added:2024-09-30Due Date:2024-10-21
Vulnerability Name
D-Link DIR-820 Router OS Command Injection Vulnerability
Description
D-Link DIR-820 routers contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
Additional Notes
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10358
https://nvd.nist.gov/vuln/detail/CVE-2023-25280