Arbitrary Command Execution in D-Link DIR-655 C Devices

Arbitrary Command Execution in D-Link DIR-655 C Devices

CVE-2019-13561 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to execute arbitrary commands via shell metacharacters in the online_firmware_check.cgi check_fw_url parameter.

Learn more about our Web Application Penetration Testing UK.