CVE-2020-12774

CWE-78 — OS Command Injection3 documents3 sources

Severity

6.7MEDIUM

EPSS

0.6%

top 31.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

D-link Dsl-7740c Dlink Dsl-7740c Firmware

Timeline

PublishedJul 22

Latest updateMay 24

Description

D-Link DSL-7740C does not properly validate user input, which allows an authenticated LAN user to inject arbitrary command.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 1.5 | Impact: 6.0

Affected Packages2 packages

▶CVEListV5d-link/dsl-7740cDSL7740C.V6.TR069.20180723

▶NVDdlink/dsl-7740c_firmwarev6.tr069.20180723

🔴Vulnerability Details

GHSA

GHSA-cqgh-444q-45w8: D-Link DSL-7740C does not properly validate user input, which allows an authenticated LAN user to inject arbitrary command↗2022-05-24

▶

CVEList

D-Link DSL-7740C - Command Injection↗2020-07-22

▶