DLink Router DIR878 Vulnerability
This is a command injection vulnerability access from web server on 192.168.0.1.
detail
- /bin/proc.cgi handle user input from web server, and store it in nvram with a inadequate check.
- /lib/librcm.so get this value from nvram and do some strcat, execute it by
twsystemwithout check, which causes command injection.
poc
poc cannot be published according to Chinese laws.
ID
CVE-2022-43184
CNVD-2022-68294