ID
VAR-E-201901-0505
CVE
| cve_id: | CVE-2019-7297 | Trust: 0.3 |
TITLE
Multiple D-Link Products CVE-2019-7297 Remote Command Injection Vulnerability
Trust: 0.3
DESCRIPTION
Multiple D-Link products are prone to a command-injection vulnerability.
Exploiting this issue could allow an attacker to execute arbitrary commands in the context of the affected device. Failed exploit attempts will likely result in denial-of-service conditions.
D-Link DIR-823G devices with firmware through 1.02B03 are vulnerable.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | d link | model: | dir-823g 1.02b03 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | d link | model: | dir-823g 1.02b01 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | d link | model: | dir-823g 1.01b02 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | d link | model: | dir-823g 1.00b02 | scope: | - | version: | - | Trust: 0.3 |
EXPLOIT
The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
CREDITS
David Chen (360 Enterprise Security Group)
Trust: 0.3
EXTERNAL IDS
| db: | NVD | id: | CVE-2019-7297 | Trust: 0.3 |
| db: | BID | id: | 106815 | Trust: 0.3 |
REFERENCES
| url: | https://github.com/leonw7/d-link/blob/master/vul_1.md | Trust: 0.3 |
| url: | http://www.dlink.com/ | Trust: 0.3 |
SOURCES
| db: | BID | id: | 106815 |
LAST UPDATE DATE
2022-07-27T09:39:51.016000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 106815 | date: | 2019-01-31T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 106815 | date: | 2019-01-31T00:00:00 |