t0ptop/DAP-1360

Releases0

Stars2

An authorization command injection vulnerability about DAP-1360

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2021-44127 ↗	Mar 27, 2022Sunday, 27 March 2022, 20:15	9.8 CRITICAL	10 HIGH
In DLink DAP-1360 F1 firmware version <=v6.10 in the "webupg" binary, an attacker can use the "file" parameter to execute arbitrary system commands when the parameter is "name=deleteFile" after being authorized.