CVEs-PoC/2021/CVE-2021-39510.md at dc6e2cf7158eeb24cfecb4d64f4f1da9a8a732e2

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-28 19:41:33 +02:00

Files

T

marc 555e9c7de4 Update Sat May 25 21:48:12 CEST 2024

2024-05-25 21:48:12 +02:00

Description

An issue was discovered in D-Link DIR816_A1_FW101CNB04 750m11ac wireless router, The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. This can lead to command injection through shell metacharacters.

POC

Reference

https://github.com/doudoudedi/main-DIR-816_A1_Command-injection
https://github.com/doudoudedi/main-DIR-816_A1_Command-injection/blob/main/injection_A1.md
https://www.dlink.com/en/security-bulletin/

Github

No PoCs found on GitHub currently.

936 B Raw Blame History

CVE-2021-39510

Description

POC

Reference

Github

936 B

Raw Blame History