This issue arises because the login.cgi script accepts unauthenticated input via the cli parameter passed on the command line. The device also permits access to the CGI via HTTP, which allows remote attackers to issue arbitrary commands. These unauthenticated commands can be exploited to cause remote code execution. In certain vulnerable versions of the firmware, access to the remote CGI also allows unauthenticated command injection. These devices are prone to code injection attacks because the login.cgi script does not require authentication for all remote commands.

Existing proof-of-concept scripts for these devices demonstrate how the login.cgi script can be used to access other administrative functions.

In addition to the login.cgi script, these devices also permit remote attackers to access the device via SSH, which may be exploited for unauthenticated command execution. SSH access can be enabled as part of setting up new devices or as a maintenance function.

Vulnerability overview

This vulnerability affects multiple models of D-Link IP Cameras.

Vulnerable Devices

The following devices are vulnerable to CVE-2016-20017:

Magellan RoadMate RM 1055
Magellan RoadMate RM 1255

CVE-2016-20018

This issue arises because the web.cgi script accepts unauthenticated input via the cli parameter passed on the command line. The device also permits access to the CGI via HTTP, which allows remote attackers to issue arbitrary commands. These unauthenticated commands can be exploited to cause remote code execution. In certain vulnerable versions of the firmware, access to the remote CGI also allows unauthenticated command injection. These devices are prone to code injection attacks because the web.cgi script does not require authentication for all remote commands.

Existing proof-of-concept scripts for these devices demonstrate how the web.cgi script can be used to access other administrative functions, to perform HTTP GET requests against other parts of the device's configuration, or to run a custom application on the device, such as a web server or database server.
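
A log check for the requests described above, as an added example that is not part of the original advisory: it flags HTTP requests to login.cgi or web.cgi that carry a cli parameter, and raises the severity when the decoded value contains shell metacharacters. The common log format, the /cgi-bin/ path, the sample lines and the metacharacter set are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script names and parameter name are the ones named in the advisory text.
WATCHED_SCRIPTS = ("login.cgi", "web.cgi")
WATCHED_PARAM = "cli"
# Characters that can break a value out into a shell command (assumed set).
SHELL_META = re.compile(r"[;&|`$<>'\"\n\\]")
# Common/combined log format: client first, request line in double quotes.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def classify(line):
    """Return (client, script, severity) for a suspicious line, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, target = m.groups()
    url = urlsplit(target)
    script = url.path.rsplit("/", 1)[-1].lower()
    if script not in WATCHED_SCRIPTS:
        return None
    # parse_qs percent-decodes values, so encoded metacharacters are seen too.
    values = parse_qs(url.query, keep_blank_values=True).get(WATCHED_PARAM)
    if values is None:
        return None  # no cli in the URL; POST bodies are not in access logs
    severity = "high" if any(SHELL_META.search(v) for v in values) else "review"
    return client, script, severity


def scan(lines):
    """Classify every line and keep only the hits."""
    return [hit for hit in map(classify, lines) if hit]


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Oct/2022:05:15:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [19/Oct/2022:05:16:02 +0000] "GET /login.cgi?cli=a%3Bb HTTP/1.1" 200 0',
    '203.0.113.5 - - [19/Oct/2022:05:17:40 +0000] "GET /cgi-bin/web.cgi?cli=status HTTP/1.1" 200 31',
    '192.0.2.10 - - [19/Oct/2022:05:18:11 +0000] "POST /login.cgi HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for client, script, severity in scan(SAMPLE_LOG):
        print(f"{severity:6} {client} -> {script}")
```

Because the text says the cli parameter is accepted without authentication, any hit from an untrusted network is worth reviewing even when no metacharacter is present.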

Timeline

Published on: 10/19/2022 05:15:00 UTC
Last modified on: 10/21/2022 20:19:00 UTC

References