Vulnerabilities > CVE-2019-9122 - Unspecified vulnerability in Dlink Dir-825 Rev.B Firmware 2.10

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

dlink

NVD

Published: 2019-02-25

Updated: 2023-04-27

Summary

An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the ntp_server parameter in an ntp_sync.cgi POST request.

Vulnerable Configurations

Part	Description	Count
OS	Dlink Dlink DIR 825 Rev.B Firmware 2.10	1
Hardware	Dlink Dlink DIR 825 Rev.B -	1

References

https://github.com/WhooAmii/whooamii.github.io/blob/master/2018/DIR-825/command%20injection.md