Main Vulnerability Database Vulnerabilities #VU21578

OS Command Injection in DBA-1510P - CVE-2019-6014

Published: October 7, 2019

Vulnerability identifier: #VU21578

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-6014

CWE-ID: CWE-78

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: D-Link Japan K.K.

Affected software:
DBA-1510P

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in Web User Interface. A remote attacker on adjacent network who can access Web User Interface of the affected device can execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2019-6014

Install updates from vendor's website.

Sources

https://jvn.jp/en/jp/JVN95875796/index.html

OS Command Injection in DBA-1510P - CVE-2019-6014

Detailed vulnerability description

How to mitigate CVE-2019-6014

Sources

Please verify you're human