Main Vulnerability Database Vulnerabilities #VU21577

OS Command Injection in DBA-1510P - CVE-2019-6013

Published: October 7, 2019

Vulnerability identifier: #VU21577

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-6013

CWE-ID: CWE-78

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: D-Link Japan K.K.

Affected software:
DBA-1510P

Detailed vulnerability description

The vulnerability allows a remote user to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the Command Line Interface (CLI). A remote authenticated user on adjacent network who can login to CLI of the device can execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2019-6013

Install updates from vendor's website.

Sources

https://jvn.jp/en/jp/JVN95875796/index.html

OS Command Injection in DBA-1510P - CVE-2019-6013

Detailed vulnerability description

How to mitigate CVE-2019-6013

Sources

Please verify you're human