Skip to main content

Dch M225 Firmware

2 CVEs product

Monthly

CVE-2020-6842 HIGH This Week

D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection D-Link Dch M225 Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
2.3%
CVE-2020-6841 CRITICAL POC Act Now

D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link PHP Dch M225 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
EPSS 2% CVSS 7.2
HIGH This Week

D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection D-Link Dch M225 Firmware
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link PHP +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy