CVE-2023-43207

D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function config_upload_handler. This vulnerability allows attackers to execute arbitrary commands via the configRestore parameter.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dlink:dwl-6610ap_firmware:4.3.0.8b003c:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dwl-6610ap:-:*:*:*:*:*:*:*

History

22 Sep 2023, 14:03

Type Values Removed Values Added
CWE CWE-77
CPE cpe:2.3:o:dlink:dwl-6610ap_firmware:4.3.0.8b003c:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dwl-6610ap:-:*:*:*:*:*:*:*
First Time Dlink dwl-6610ap Firmware
Dlink dwl-6610ap
Dlink
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
References (MISC) https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug3.md - (MISC) https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug3.md - Exploit, Third Party Advisory

20 Sep 2023, 14:25

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-20 14:15

Updated : 2024-09-25 01:36


NVD link : CVE-2023-43207

Mitre link : CVE-2023-43207

CVE.ORG link : CVE-2023-43207


JSON object : View

Products Affected

dlink

  • dwl-6610ap_firmware
  • dwl-6610ap
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')