TTPwire Vol. 1 · MITRE ATT&CK·Tagged


Exodus Intelligence

D-Link DAP-1650 SUBSCRIBE ‘Callback’ Command Injection Vulnerability

Exodus Advisories · 2024-01-25

ATT&CK techniques detected

1 prediction
T1190 Exploit Public-Facing Application (91%)

Summary

EIP-5a0f4b12

The D-Link DAP-1650 contains a command injection vulnerability in the 'Callback' parameter when handling UPnP SUBSCRIBE messages. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root.

Vulnerability Identifier
Exodus Intelligence: EIP-5a0f4b12
MITRE: CVE-2024-23625

Vulnerability Metrics
CVSSv2 Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C
CVSSv2 Score: 8.3

Vendor References
The affected product is end-of-life ...

Full advisory: https://blog.exodusintel.com/2024/01/25/d-link-dap-1650-subscribe-callback-command-injection-vulnerability/