cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-0127,https://securityvulnerability.io/vulnerability/CVE-2023-0127,Command Injection Vulnerability in Device Firmware Update Interface,"A command injection flaw exists in the firmware_update command within the restricted telnet interface of the affected devices. This vulnerability allows an authenticated attacker to execute arbitrary commands with root privileges, potentially compromising the security and integrity of the device. Operators of these devices should monitor for exploit attempts and apply security patches provided by the vendor.",D-Link,D-Link DWL-2600AP with firmware v4.2.0.17,7.8,HIGH,0.002360000042244792,false,,false,false,false,,,false,false,,2023-02-11T00:00:00.000Z,0
CVE-2019-20499,https://securityvulnerability.io/vulnerability/CVE-2019-20499,Authenticated OS Command Injection in D-Link DWL-2600AP Device,"D-Link DWL-2600AP devices running version 4.2.0.15 Rev A are susceptible to an authenticated OS command injection vulnerability through the Restore Configuration feature in the web interface. Attackers can exploit this vulnerability by using shell metacharacters in the admin.cgi?action=config_restore parameters, potentially allowing unauthorized system commands to be executed. Proper security measures must be taken to safeguard network configurations and prevent exploitation.",D-Link,Dwl-2600ap Firmware,7.8,HIGH,0.9643700122833252,false,,false,false,true,2019-12-24T18:31:49.000Z,true,false,false,,2020-03-05T14:37:27.000Z,0
CVE-2019-20500,https://securityvulnerability.io/vulnerability/CVE-2019-20500,Authenticated OS Command Injection Vulnerability in D-Link Wireless Access Point,"D-Link DWL-2600AP devices running firmware version 4.2.0.15 Rev A are susceptible to an authenticated OS command injection vulnerability. This flaw is present in the Save Configuration feature of the web interface, where improper handling of user input allows attackers to exploit shell metacharacters within the 'admin.cgi?action=config_save' parameters, such as 'configBackup' or 'downloadServerip'. Successful exploitation can lead to unauthorized access and manipulation of system commands.",D-Link,Dwl-2600ap Firmware,7.8,HIGH,0.034710001200437546,true,2023-06-29T00:00:00.000Z,false,false,true,2023-06-29T00:00:00.000Z,true,false,false,,2020-03-05T14:37:00.000Z,0
CVE-2019-20501,https://securityvulnerability.io/vulnerability/CVE-2019-20501,Authenticated OS Command Injection on D-Link DWL-2600AP Devices,"The D-Link DWL-2600AP 4.2.0.15 Rev A has a vulnerability that allows authenticated users to execute arbitrary OS commands. This occurs through the Upgrade Firmware functionality found in the device's web interface, specifically by injecting shell metacharacters in the 'admin.cgi?action=upgrade' parameters such as 'firmwareRestore' or 'firmwareServerip'. Exploitation could lead to unauthorized access and control over the affected device.",D-Link,Dwl-2600ap Firmware,7.8,HIGH,0.002739999908953905,false,,false,false,false,,,false,false,,2020-03-05T14:36:08.000Z,0