Vulnerability Details CVE-2020-25367
A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the Captcha field to Login.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.301
EPSS Ranking 96.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2020-25367
-
cpe:2.3:h:dlink:dir-823g:-
-
cpe:2.3:o:dlink:dir-823g_firmware:1.0.2b05