Skip to content

Instantly share code, notes, and snippets.

@jezzaaa
jezzaaa / CVE-2020-6842 detail.txt
Last active Feb 23, 2020
CVE-2020-6842 - authenticated admin can execute arbitrary OS commands as root
View CVE-2020-6842 detail.txt
D-Link DCH-M225 1.04 devices allow authenticated admins to
execute arbitrary OS commands via shell metacharacters in the media
renderer name.
------------------------------------------
[Additional Information]
The vendor has stated that the device has been discontinued (as of
April 2018), and that they won't be patching.
@jezzaaa
jezzaaa / CVE-2020-6841 detail.txt
Last active Feb 23, 2020
CVE-2020-6841 - allow a local attacker to execute arbitrary OS commands as root
View CVE-2020-6841 detail.txt
D-Link DCH-M225 1.04 devices allow remote attackers to execute
arbitrary OS commands via shell metacharacters in the
spotifyConnect.php userName parameter.
------------------------------------------
[Additional Information]
From the local network (eg wifi), access the URL
http://ip-address/spotifyConnect.php with POST variables: