Vulnerability Details CVE-2020-25368
A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the PrivateLogin field to Login.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.415
EPSS Ranking 97.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2020-25368
-
cpe:2.3:h:dlink:dir-823g:a1
-
cpe:2.3:o:dlink:dir-823g_firmware:1.02b05