Published: 27/09/2019 Updated: 10/10/2019
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Multiple D-Link products are prone to a command-injection vulnerability. Exploiting this issue could allow an malicious user to execute arbitrary commands in the context of the affected device. Failed exploit attempts will likely result in denial-of-service conditions.

Vulnerability Trend

Affected Products

Recent Articles

D-Link Adds More Buggy Router Models to ‘Won’t Fix’ List
Threatpost • Tom Spring • 19 Nov 2019

D-Link has warned that more of its routers are vulnerable to critical flaws that allow remote hackers to take control of hardware and steal data. The routers won’t be fixed, said D-Link, explaining that the hardware has reached its end-of-life and will no longer receive security updates.
The vulnerability is identified as a remote code-execution (RCE) flaw — a “bad authentication check” — impacting 13 model D-Link routers, according to a support announcement released Tuesday. The...