D-Link DIR-825 Rev B <= 2.10 Multiple Vulnerabilities CVE-2019-9122CVE-2020-10213CVE-2020-10214CVE-2020-10215CVE-2020-10216
- CVSSv3 Score
- Vulnerability description
D-Link DIR-825 Rev. B devices are prone to multiple vulnerabilities.
- Risk description
The following vulnerabilities exist: - CVE-2019-9122: D-Link DIR-825 Rev.B devices allow remote attackers to execute arbitrary commands via the ntp_server parameter in an ntp_sync.cgi POST request. - CVE-2020-10213: command injection vulnerability via POST request to set_sta_enrollee_pin.cgi - CVE-2020-10214: command injection vulnerability via POST request to ntp_sync.cgi - CVE-2020-10215: command injection vulnerability via POST request to dns_query.cgi - CVE-2020-10216: command injection vulnerability via POST request to system_time.cgi
No solution was made available by the vendor. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. The DIR-825 revision B model has entered the end-of-life process by the time these vulnerabilities were disclosed and therefore the vendor is unable to provide support or development to mitigate them.
- Not available