ID

VAR-201305-0420

TITLE

D-Link DNS-323 ShareCenter Remote Directory Traversal Vulnerability

DESCRIPTION

When you click the \"Save To\" text box or the \"Browse\" button, the directory on the \"Volume_1\" share will pop up. Click the \"+\" sign to expand the directory. You can send a POST request with the following parameters to /goform/GetNewDir: fNEW_DIR /mnt/ Volume_1f_backup 0f_IP_address <ip address of NAS>f_file 0 Because the fNEW_DIR variable is not fully filtered, the attacker is allowed to upload malicious files to any directory through the directory traversal sequence, such as /etc/shadow. When clicking the \"play button\" that you plan to download, the request submitted to /goform/right_now_d can include the following parameters: T1 <at job id>, SCHEDULE<num>, <user>, <source>, <destination>, <num > The SCHEDULE<num> parameter is not properly filtered, allowing remote attackers to exploit the vulnerability to inject arbitrary OS commands and execute with WEB privileges. D-Link DNS-320 ShareCenter is a gigabit network storage of Taiwan D-Link Group. A remote command execution vulnerability and a directory traversal vulnerability exist in the D-Link DNS-323 ShareCenter. An attacker could use these vulnerabilities to execute arbitrary commands and perform arbitrary access to arbitrary files in the context of an affected device by using a directory traversal string. Vulnerabilities exist in D-Link DNS-323 ShareCenter firmware version 1.09. Other versions may also be affected

IOT TAXONOMY

AFFECTED PRODUCTS

CVSS

THREAT TYPE

remote

TYPE

Input Validation Error

EXTERNAL IDS

REFERENCES

CREDITS

sghctoma

SOURCES

LAST UPDATE DATE

2022-05-17T01:45:24.982000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE