CVE-2022-40719 – This vulnerability allows network-adjacent attackers to execute arbitrary commands on affe …

26 January 2023

Vuln ID: CVE-2022-40719

Published: 2023-01-26 18:59:53Z

Description: This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the xupnpd_generic.lua plugin for the xupnpd service, which listens on TCP port 4044 by default. When parsing the feed parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15906.

Source: NVD.NIST.GOV

Date:

26 January 2023

Categorie(s):

NVD

Tag(s):

NVD

Change Healthcare’s New Ransomware Nightmare Goes From Bad to Worse16 April 2024
Change Healthcare’s New Ransomware Nightmare Goes From Bad to Worse16 April 2024
Navigating the Cyber Typhoon: Safeguarding Data Amidst US-China Geo-Political Tensions.16 April 2024
New Vulnerability “LeakyCLI” Leaks AWS and Google Cloud Credentials16 April 2024
Trustifi’s Email Security Awareness Training – Empowering MSPs to Train & Protect Clients16 April 2024