ID
VAR-201801-1836
TITLE
D-Link DSL-6850U Router Remote Command Execution Vulnerability
Trust: 0.6
DESCRIPTION
D-LinkDSL-6850U is a wireless router product of D-Link. D-LinkDSL-6850U Router Remote Command Execution Vulnerability. Since the router has the remote web management service enabled by default, the service has the default credentials support:support and cannot be disabled. The attacker can log in to the router's web management interface through the default credentials, and then manually open the Wan port telnet service that is turned off by default. After logging in to the telnet service, you can use the && or || command sandbox escape to get full shell permissions.
Trust: 0.6
IOT TAXONOMY
| category: | ['IoT', 'Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | d link | model: | dsl-6850u | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||
|
|
PATCH
| title: | Patch for D-LinkDSL-6850U Router Remote Command Execution Vulnerability | url: | https://www.cnvd.org.cn/patchinfo/show/112429 | Trust: 0.6 |
EXTERNAL IDS
| db: | CNVD | id: | CNVD-2018-00175 | Trust: 0.6 |
REFERENCES
| url: | https://blogs.securiteam.com/index.php/archives/3588 | Trust: 0.6 |
SOURCES
| db: | CNVD | id: | CNVD-2018-00175 |
LAST UPDATE DATE
2022-05-04T10:04:28.420000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2018-00175 | date: | 2018-01-04T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2018-00175 | date: | 2018-01-04T00:00:00 |