jezzaaa
jezzaaa
/ CVE-2020-6842 detail.txt
Last active
February 23, 2020 23:21
CVE-2020-6842 - authenticated admin can execute arbitrary OS commands as root
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| D-Link DCH-M225 1.04 devices allow authenticated admins to | |
| execute arbitrary OS commands via shell metacharacters in the media | |
| renderer name. | |
| ------------------------------------------ | |
| [Additional Information] | |
| The vendor has stated that the device has been discontinued (as of | |
| April 2018), and that they won't be patching. |
jezzaaa
/ CVE-2020-6841 detail.txt
Last active
February 23, 2020 23:20
CVE-2020-6841 - allow a local attacker to execute arbitrary OS commands as root
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| D-Link DCH-M225 1.04 devices allow remote attackers to execute | |
| arbitrary OS commands via shell metacharacters in the | |
| spotifyConnect.php userName parameter. | |
| ------------------------------------------ | |
| [Additional Information] | |
| From the local network (eg wifi), access the URL | |
| http://ip-address/spotifyConnect.php with POST variables: |