Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware prior to 1.08B44; DSR-150N with firmware prior to 1.05B64; DSR-250 and DSR-250N with firmware prior to 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware prior to 1.08B77 allow remote malicious users to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dlink dsr-150_firmware |
||
dlink dsr-150n_firmware |
||
dlink dsr-250_firmware |
||
dlink dsr-250n_firmware |
||
dlink dsr-500_firmware |
||
dlink dsr-500n_firmware |
||
dlink dsr-1000_firmware |
||
dlink dsr-1000n_firmware |