Arbitrary Command Execution via Password Field in D-Link DCS-2121 Camera Firmware 1.04

Arbitrary Command Execution via Password Field in D-Link DCS-2121 Camera Firmware 1.04

CVE-2010-4964 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

recorder_test.cgi on the D-Link DCS-2121 camera with firmware 1.04 allows remote attackers to execute arbitrary commands via shell metacharacters in the Password field, related to a "semicolon injection" vulnerability.

Learn more about our Web Application Penetration Testing UK.