Multiple Remote Code Execution Vulnerabilities in D-Link ShareCenter

Release date:
Updated on:

Affected Systems:
D-Link DNS-320 ShareCenter
D-Link DNS-325 ShareCenter
Description:
--------------------------------------------------------------------------------
Bugtraq id: 51918

D-Link is a network connection vendor for small, medium, and large enterprises. D-Link DNS-320 ShareCenter is a gigabit network memory.

D-Link ShareCenter does not perform any authentication on HTTP requests in CGI scripts. Multiple Remote Code Execution Vulnerabilities exist in implementation, after successful exploitation, DOS, information leakage, and arbitrary code execution may occur.

<* Source: Robert Paleari (roberto.paleari@emaze.net)

Link: http://www.securityfocus.com/archive/1/521532
*>

Test method:
--------------------------------------------------------------------------------
Alert

The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!

Http://www.example.com/cgi-bin/system_mgr.cgi? Cmd = cgi_sms_test & amp; command1 = ls
Http://www.example.com/cgi-bin/discovery.cgi
Http://www.example.com/cgi-bin/system_mgr.cgi? Cmd = get_firm_v_xml

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

D-Link
------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:

Http://www.dlink.com/