COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2020-25367

CVE-2020-25367

Severity
critical
Source
NVD · cve
Published
2021-11-04
CVSS
9.8
Reference
https://nvd.nist.gov/vuln/detail/CVE-2020-25367
⚡ RCE shame 50/100 rce

A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the Captcha field to Login.

Players implicated

dlink · vendordir-823g · productdir-823g firmware · product

Description

A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the Captcha field to Login.

Sentiment · trusted sources

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.