diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ME_1.00, and DSL-2540U devices with firmware ME_1.00, allows authenticated remote attackers to execute arbitrary OS commands via shell metacharacters in the ipaddr field of an HTTP GET request.
Advisories
Source ID Title
EUVD EUVD EUVD-2018-17143 diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ME_1.00, and DSL-2540U devices with firmware ME_1.00, allows authenticated remote attackers to execute arbitrary OS commands via shell metacharacters in the ipaddr field of an HTTP GET request.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-05T05:33:44.179Z

Reserved: 2018-01-12T00:00:00

Link: CVE-2018-5371

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-01-12T09:29:01.853

Modified: 2024-11-21T04:08:40.747

Link: CVE-2018-5371

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.