Arbitrary OS Command Execution in D-Link DIR-619L and DIR-605L Devices

Arbitrary OS Command Execution in D-Link DIR-619L and DIR-605L Devices

CVE-2018-20057 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. goform/formSysCmd allows remote authenticated users to execute arbitrary OS commands via the sysCmd POST parameter.

Learn more about our User Device Pen Test.