Very Low
CVE-2020-6842
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
CVE-2020-6842
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name.
Add Assessment
Ratings
-
Attacker ValueVery Low
-
ExploitabilityLow
Technical Analysis
This analysis is a transcript of a public gist – Original Source – https://gist.github.com/jezzaaa/9d704400a7e23f988dfb4f73658678b8
D-Link DCH-M225 1.04 devices allow authenticated admins to
execute arbitrary OS commands via shell metacharacters in the media
renderer name.
[Additional Information]
The vendor has stated that the device has been discontinued (as of
April 2018), and that they won’t be patching.
I have requested the vendor confirm the exploit. They have not
responded to this question.
[VulnerabilityType Other]
command injection (missing input validation, escaping)
[Vendor of Product]
D-Link
[Affected Product Code Base]
DCH-M225 Wi-fi Range Extender – 1.04
[Attack Type]
Local
[Attack Vectors]
Login to the admin console (as admin), then set the “media renderer”
name to a string containing a single-quoted arbitrary command
prepended by a semicolon such as telnetd. The command runs as root.
[Reference]
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10152
https://www.dlink.com.au/home-solutions/dch-m225-wi-fi-audio-extender
https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf
https://www.dlink.com/en/security-bulletin
Would you also like to delete your Exploited in the Wild Report?
Delete Assessment Only Delete Assessment and Exploited in the Wild ReportCVSS V3 Severity and Metrics
General Information
Vendors
- dlink
Products
- dch-m225 firmware
References
Additional Info
Technical Analysis
Report as Emergent Threat Response
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
