On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dlink dir-859 a3 firmware 1.06 |
||
dlink dir-850l a firmware 1.13 |