CVE-2023-25280 - D-Link DIR-820 Router OS Command Injection Vulnerability
项目:D-Link
产品:DIR-820 Router
添加日期:2024-09-30到期日:2024-10-21最后更新:June 21, 2025
漏洞名称
D-Link DIR-820 Router OS Command Injection Vulnerability
描述
D-Link DIR-820 routers contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp.
已知用于勒索软件活动吗?
Unknown
采集行动
The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
其他说明
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10358
https://nvd.nist.gov/vuln/detail/CVE-2023-25280