HTTP: D-Link D-View executeWmicCmd Command Injection

This signature detects attempts to exploit a known command injection vulnerability in D-Link D-View. A successful attack can lead to command injection and arbitrary code execution.

Extended Description

D-Link D-View executeWmicCmd Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the executeWmicCmd method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Formerly tracked as ZDI-CAN-21821.

Short Name
HTTP:CTS:DLINK-DVIEW-CMD-INJ
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2024-5297 Command D-Link D-View Injection executeWmicCmd
Release Date
06/06/2024
Supported Platforms

srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3

Sigpack Version
3711
False Positive
Rarely
