Vulnerability Details CVE-2023-33625
D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbc_system() function.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.879
EPSS Ranking 99.4%
CVSS Severity
CVSS v3 Score 9.8
References
- https://github.com/naihsin/IoT/blob/main/D-Link/DIR-600/cmd%20injection/README.md
- https://github.com/naihsin/IoT/tree/main/D-Link/DIR-600/cmd%20injection
- https://hackmd.io/%40naihsin/By2datZD2
- https://www.dlink.com/en/security-bulletin/
- https://github.com/naihsin/IoT/blob/main/D-Link/DIR-600/cmd%20injection/README.md
- https://github.com/naihsin/IoT/tree/main/D-Link/DIR-600/cmd%20injection
- https://hackmd.io/%40naihsin/By2datZD2
- https://www.dlink.com/en/security-bulletin/
Products affected by CVE-2023-33625
-
cpe:2.3:h:dlink:dir-600:b5
-
cpe:2.3:o:dlink:dir-600_firmware:2.18