mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-07 19:16:22 +00:00
22 lines
1.1 KiB
Markdown
22 lines
1.1 KiB
Markdown
|
### [CVE-2019-8317](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8317)
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
### Description
|
||
|
|
|
||
|
|
An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetStaticRouteIPv6Settings API function, as demonstrated by shell metacharacters in the DestNetwork field.
|
||
|
|
|
||
|
|
### POC
|
||
|
|
|
||
|
|
#### Reference
|
||
|
|
No PoCs from references.
|
||
|
|
|
||
|
|
#### Github
|
||
|
|
- https://github.com/ARPSyndicate/cvemon
|
||
|
|
- https://github.com/E4ck/vuls
|
||
|
|
- https://github.com/leonW7/D-Link
|
||
|
|
- https://github.com/leonW7/vuls-1
|
||
|
|
- https://github.com/raystyle/vuls
|
||
|
|
|