CVE-2021-44127

Published March 27th, 2022

View on NVD ↗

CVSS v3

9.8

CRITICAL

CVSS v2

HIGH

Affected

PROJECT

Description

In DLink DAP-1360 F1 firmware version <=v6.10 in the "webupg" binary, an attacker can use the "file" parameter to execute arbitrary system commands when the parameter is "name=deleteFile" after being authorized.

t0ptop/DAP-1360

An authorization command injection vulnerability about DAP-1360

GitHub