Vulnerability Details CVE-2020-24581
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It contains an execute_cmd.cgi feature (that is not reachable via the web user interface) that lets an authenticated user execute Operating System commands.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.872
EPSS Ranking 99.4%
CVSS Severity
CVSS v3 Score 8.0
CVSS v2 Score 7.7
References
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/d-link-multiple-security-vulnerabilities-leading-to-rce/
- https://www.trustwave.com/en-us/resources/security-resources/security-advisories/
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/d-link-multiple-security-vulnerabilities-leading-to-rce/
- https://www.trustwave.com/en-us/resources/security-resources/security-advisories/
Products affected by CVE-2020-24581
-
cpe:2.3:h:dlink:dsl2888a:-
-
cpe:2.3:o:dlink:dsl2888a_firmware:*