An issue exists in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dlink dir-300_firmware 2.14b01 |
||
dlink dir-600_firmware |
||
dlink dir-645_firmware |
||
dlink dir-845_firmware |
||
dlink dir-865_firmware 1.05b03 |