CVE-2021-44127

2022-03-2719:39:54

mitre

www.cve.org

dlink dap-1360

firmware

webupg

binary

arbitrary system commands

AI Score

9.9

Confidence

High

EPSS

0.003

Percentile

68.9%

JSON

In DLink DAP-1360 F1 firmware version <=v6.10 in the “webupg” binary, an attacker can use the “file” parameter to execute arbitrary system commands when the parameter is “name=deleteFile” after being authorized.

References

github.com/tgp-top/DAP-1360/blob/main/README.md

www.dlink.com/en/security-bulletin/