Unsupported D-Link routers vulnerable to RCE flaws

Multiple D-Link routers have vulnerabilities in their Common Gateway Interface (CGI) that if exploited could result in remote code execution. The Carnegie Mellon University Software Engineering Institute’s CERT/CC reported the CGI codes have two flaws: The /apply_sec.cgi code is exposed to unauthenticated users and the ping_ipaddr argument of the ping_test action fails to properly handle … Continue reading Unsupported D-Link routers vulnerable to RCE flaws