Details of VAR-E-201902-0416

ID

VAR-E-201902-0416

CVE

cve_id:

CVE-2019-7298

Trust: 0.3

sources: BID: 106814

TITLE

Multiple D-Link Products CVE-2019-7298 Remote Command Injection Vulnerability

Trust: 0.3

sources: BID: 106814

DESCRIPTION

Multiple D-Link Products are prone to a command-injection vulnerability.
Exploiting this issue could allow an attacker to execute arbitrary commands in the context of the affected device. Failed exploit attempts will likely result in denial-of-service conditions.
D-Link DIR-823G devices with firmware through 1.02B03 are vulnerable.

Trust: 0.3

sources: BID: 106814

AFFECTED PRODUCTS

vendor:	d link	model:	dir-823g 1.02b03	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	dir-823g 1.02b01	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	dir-823g 1.01b02	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	dir-823g 1.00b02	scope:	-	version:	-	Trust: 0.3

sources: BID: 106814

EXPLOIT

The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.

Trust: 0.3

sources: BID: 106814

PRICE

Free

Trust: 0.3

sources: BID: 106814

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 106814

CREDITS

David Chen (360 Enterprise Security Group)

Trust: 0.3

sources: BID: 106814

EXTERNAL IDS

db:	NVD	id:	CVE-2019-7298	Trust: 0.3
db:	BID	id:	106814	Trust: 0.3

sources: BID: 106814

REFERENCES

url:	https://github.com/leonw7/d-link/blob/master/vul_2.md	Trust: 0.3
url:	http://www.dlink.com/	Trust: 0.3

sources: BID: 106814

SOURCES

db:

BID

id:

106814

LAST UPDATE DATE

2022-07-27T09:58:17.178000+00:00

SOURCES UPDATE DATE

db:

BID

id:

106814

date:

2019-02-01T00:00:00

SOURCES RELEASE DATE

db:

BID

id:

106814

date:

2019-02-01T00:00:00