
D-Link DIR-825 Rev Gx <= 7.12B01_Beta Multiple Vulnerabilities (CVE-2021-46441, CVE-2021-46442)

Severity
CVSSv3 Score: 9.8
Vulnerability description

D-Link DIR-825 revision Gx devices are prone to multiple router isolation bypass vulnerabilities.

Risk description

The following vulnerabilities exist in the webupg binary:

- CVE-2021-46441: Because of the lack of parameter verification, attackers can use cmd parameters to execute arbitrary system commands after obtaining authorization.
- CVE-2021-46442: Attackers can bypass authentication through parameters autoupgrade.asp, and perform functions such as downloading configuration files and updating firmware without authorization.

Recommendation

See the referenced vendor advisory for a solution.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Apr 27, 2022
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available