CVE-2019-20501

High

D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Upgrade Firmware functionality in…

mitre·CWE-78·Published 2020-03-05

CVSS

7.8

EPSS

0.90

KEV

Exploits

cve.orgen

264 chars

D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Upgrade Firmware functionality in the Web interface, using shell metacharacters in the admin.cgi?action=upgrade firmwareRestore or firmwareServerip parameter.

NVDen

264 chars

NVDes

328 chars

Los dispositivos D-Link DWL-2600AP versión 4.2.0.15 Rev A, presentan una vulnerabilidad de inyección de comandos del Sistema Operativo autenticada por medio de la funcionalidad Upgrade Firmware en la interfaz web, utilizando metacaracteres de shell en el parámetro firmwareRestore o firmwareServerip de admin.cgi?action=upgrade.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.2	3.9	10.0	AV:L/AC:L/Au:N/C:C/I:C/A:C
3.1	Primary	NVD	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H