CVE-2023-0127

CWE-77 — Command Injection3 documents3 sources

Severity

7.8HIGH

EPSS

1.3%

top 20.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dlink Dwl-2600ap Firmware

Timeline

PublishedFeb 11

Description

A command injection vulnerability in the firmware_update command, in the device's restricted telnet interface, allows an authenticated attacker to execute arbitrary commands as root.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDdlink/dwl-2600ap_firmware4.2.0.17

▶CVEListV5d-link_dwl-2600ap_with_firmware_v4.2.0.17DWL-2600AP with firmware version v.4.2.0.17

🔴Vulnerability Details

CVEList

CVE-2023-0127: A command injection vulnerability in the firmware_update command, in the device's restricted telnet interface, allows an authenticated attacker to exe↗2023-02-11

▶

GHSA

GHSA-7q57-q766-r9gh: A command injection vulnerability in the firmware_update command, in the device's restricted telnet interface, allows an authenticated attacker to exe↗2023-02-11

▶