ID
VAR-201407-0749
TITLE
Multiple D-Link Products 'soap.cgi' Remote Command Injection Vulnerability
Trust: 0.6
sources:
CNVD: CNVD-2014-04505
DESCRIPTION
The D-Link DIR series is a router device developed by D-LINK. Multiple D-Link DIR series products soap.cgi failed to properly filter the \"NewInternalClient\", \"NewExternalPort\" and \"NewInternalPort\" XML parameter data, allowing remote attackers to exploit the vulnerability to inject and execute arbitrary shell commands.
Trust: 0.6
sources:
CNVD: CNVD-2014-04505
IOT TAXONOMY
| category: | ['IoT', 'Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2014-04505
AFFECTED PRODUCTS
| vendor: | d link | model: | dir-300 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | d link | model: | dir-600 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | d link | model: | dir-645 | scope: | eq | version: | 1.x | Trust: 0.6 |
| vendor: | d link | model: | dir-865l | scope: | - | version: | - | Trust: 0.6 |
| vendor: | d link | model: | dir-845l | scope: | - | version: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2014-04505
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
CNVD: CNVD-2014-04505
PATCH
| title: | Patch for multiple D-Link products 'soap.cgi' remote command injection vulnerability | url: | https://www.cnvd.org.cn/patchinfo/show/47624 | Trust: 0.6 |
sources:
CNVD: CNVD-2014-04505
EXTERNAL IDS
| db: | SECUNIA | id: | 59274 | Trust: 0.6 |
| db: | CNVD | id: | CNVD-2014-04505 | Trust: 0.6 |
sources:
CNVD: CNVD-2014-04505
REFERENCES
| url: | http://www.s3cur1ty.de/m1adv2013-020 | Trust: 0.6 |
| url: | http://secunia.com/advisories/59274/ | Trust: 0.6 |
sources:
CNVD: CNVD-2014-04505
SOURCES
| db: | CNVD | id: | CNVD-2014-04505 |
LAST UPDATE DATE
2022-05-17T01:43:22.395000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2014-04505 | date: | 2014-07-29T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2014-04505 | date: | 2014-07-23T00:00:00 |