Remote code execution bug in D-Link storage device

guest · Sep 20, 2019

Remote code execution bug resolved in D-Link storage device
Newly-disclosed vulnerability awarded highest possible CVSS severity rating
September 19, 2019
https://portswigger.net/daily-swig/remote-code-execution-bug-resolved-in-d-link-storage-device

A critical vulnerability present in D-Link DNS-320 ShareCenter devices has been resolved.

Impacting D-Link ShareCenter products running firmware versions 2.05.B10 and lower, the critical security flaw is tracked as CVE-2019-16057 and has been issued a CVSS v2.0 and CVSS v3.1 base score of 10.0 and 9.8, respectively.
In a blog post, Nguyen said that if the vulnerability is exploited “a remote, unauthenticated attacker can access all application commands with root permission.”

The severe vulnerability was reported to the vendor in mid-August.
D-Link requested additional information and confirmed the validity of the report by September 6, according to CyStack.
Click to expand...

Log in or Sign up

Remote code execution bug in D-Link storage device

guest Guest

Log in or Sign up

Remote code execution bug in D-Link storage device

guest Guest

Useful Searches