diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ME_1.00, and DSL-2540U devices with firmware ME_1.00, allows authenticated remote malicious users to execute arbitrary OS commands via shell metacharacters in the ipaddr field of an HTTP GET request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
d-link dsl-2540u_firmware me_1.00 |
||
d-link dsl-2640u_firmware im_1.00 |
||
d-link dsl-2640u_firmware me_1.00 |