CVE-2018-17068
published 2018-09-15CVE-2018-17068: An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the…
critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/Diagnosis route. This could lead to command injection via shell metacharacters in the sendNum parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dlink | dir-816_a2_firmware | — | — |