CVE-2021-28144
Published: Mar 11, 2021
Modified: Aug 3, 2024
PUBLISHED
Description
prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows remote authenticated users to inject arbitrary commands in an admin or root context because SetVirtualServerSettings calls CheckArpTables, which calls popen unsafely.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
- https://www.iot-inspector.com/blog/advisory-d-link-dir-3060/ (x_refsource_MISC)
- 20210311 [CVE-2021-28144] Authenticated Command Injection in D-Link DIR-3060 Web Interface (mailing-list, x_refsource_FULLDISC)