Vulnerability Details CVE-2023-25280
OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.918
EPSS Ranking 99.7%
CVSS Severity
CVSS v3 Score 9.8
Proposed Action
D-Link DIR-820 routers contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp.
Ransomware Campaign
Unknown
References
- https://github.com/migraine-sudo/D_Link_Vuln/tree/main/cmd%20Inject%20in%20pingV4Msg
- https://www.dlink.com/en/security-bulletin/
- https://github.com/migraine-sudo/D_Link_Vuln/tree/main/cmd%20Inject%20in%20pingV4Msg
- https://www.dlink.com/en/security-bulletin/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-25280
Products affected by CVE-2023-25280
-
cpe:2.3:h:dlink:dir-820l:-
-
cpe:2.3:o:dlink:dir-820l_firmware:1.05b03