Details of VAR-190001-1101

ID

VAR-190001-1101

TITLE

D-Link ShareCenter Product Remote Code Execution Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2012-0508

DESCRIPTION

D-Link ShareCenter is a network storage device. D-Link ShareCenter does not perform proper verification check on accessing existing CGI scripts (/cgi directory). Attackers can access the following resources to obtain the device model and firmware version: http://<device IP address>/cgi-bin/ Discovery.cgihttp://<device IP address>/cgi-bin/system_mgr.cgi?cmd=get_firm_v_xml Another undocumented feature allows arbitrary commands to be executed, such as: http://<device IP address>/cgi-bin/system_mgr .cgi?cmd=cgi_sms_test. D-Link ShareCenter products are prone to multiple remote code-execution vulnerabilities. Successful exploits will result in the execution of arbitrary code in the context of the affected application. Failed exploit attempts may result in a denial-of-service condition. The following products are affected: D-Link DNS-320 ShareCenter D-Link DNS-325 ShareCenter

Trust: 0.81

sources: CNVD: CNVD-2012-0508 // BID: 51918

IOT TAXONOMY

category:

['IoT', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2012-0508

AFFECTED PRODUCTS

vendor:	d link	model:	dns-320 sharecenter	scope:	eq	version:	0	Trust: 0.9
vendor:	d link	model:	dns-325 sharecenter	scope:	eq	version:	0	Trust: 0.9

sources: CNVD: CNVD-2012-0508 // BID: 51918

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201202-154

TYPE

Unknown

Trust: 0.3

sources: BID: 51918

EXTERNAL IDS

db:	BID	id:	51918	Trust: 1.5
db:	CNVD	id:	CNVD-2012-0508	Trust: 0.6
db:	CNNVD	id:	CNNVD-201202-154	Trust: 0.6

sources: CNVD: CNVD-2012-0508 // BID: 51918 // CNNVD: CNNVD-201202-154

REFERENCES

url:	http://www.securityfocus.com/archive/1/521532	Trust: 0.6
url:	http://www.securityfocus.com/bid/51918	Trust: 0.6
url:	http://sharecenter.dlink.com/	Trust: 0.3
url:	/archive/1/521532	Trust: 0.3

sources: CNVD: CNVD-2012-0508 // BID: 51918 // CNNVD: CNNVD-201202-154

CREDITS

Roberto Paleari

Trust: 0.9

sources: BID: 51918 // CNNVD: CNNVD-201202-154

SOURCES

db:	CNVD	id:	CNVD-2012-0508
db:	BID	id:	51918
db:	CNNVD	id:	CNNVD-201202-154

LAST UPDATE DATE

2022-05-17T02:05:40.313000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2012-0508	date:	2012-02-10T00:00:00
db:	BID	id:	51918	date:	2012-02-08T00:00:00
db:	CNNVD	id:	CNNVD-201202-154	date:	2012-02-10T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2012-0508	date:	2012-02-10T00:00:00
db:	BID	id:	51918	date:	2012-02-08T00:00:00
db:	CNNVD	id:	CNNVD-201202-154	date:	1900-01-01T00:00:00