Command Injection Vulnerability in D-Link DIR-823G Devices with Firmware V1.0.2B05

Command Injection Vulnerability in D-Link DIR-823G Devices with Firmware V1.0.2B05

CVE-2020-25367 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the Captcha field to Login.

Learn more about our Web App Pen Testing.