CVE-2023-25280 - D-Link DIR-820 Router OS Command Injection Vulnerability

项目:D-Link

产品:DIR-820 Router

添加日期:2024-09-30到期日:2024-10-21最后更新:June 21, 2025

漏洞名称

D-Link DIR-820 Router OS Command Injection Vulnerability

描述

D-Link DIR-820 routers contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp.

已知用于勒索软件活动吗?

Unknown

采集行动

The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.

其他说明

https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10358

https://nvd.nist.gov/vuln/detail/CVE-2023-25280

相关 CWE