CVE-2023-32153 – D-Link DIR-2640 EmailFrom Command Injection Remote Code Execution Vulnerability. This …

3 May 2024

Vuln ID: CVE-2023-32153

Published: 2024-05-03 02:15:19.840

Description: D-Link DIR-2640 EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.

The specific flaw exists within the handling of the EmailFrom parameter provided to the HNAP1 endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19550.

Base Score: –

Vector:

Source: NVD.NIST.GOV

Date:

3 May 2024

Categorie(s):

NVD

Tag(s):

NVD

An attorney says she saw her library reading habits reflected in mobile ads. That’s not supposed to happen18 May 2024
Gawd, after that week, we wonder what’s next for China and the Western world18 May 2024
[FREE EBOOKS] Cyber Security and Network Security, Build Your Own Programming Language – Second Edition & Four More Best Selling Titles18 May 2024
US Official Warns a Cell Network Flaw Is Being Exploited for Spying18 May 2024
How two brothers allegedly swiped $25M in a 12-second Ethereum heist18 May 2024