D-Link NAS 漏洞列表

D-Link NAS设备的/cgi-bin/account_mgr.cgi接口处存在命令注入漏洞，未经身份验证的攻击者通过特制的HTTP请求可利用此漏洞执行任意系统命令，写入后门文件，获取服务器权限。 fofa: app="D_Link-DNS-ShareCenter"

D-LinkNAS存在命令执行漏洞，可获取系统权限。 fofa: "Text:In order to access the ShareCenter, please make sure you are using a recent browser(IE 7+, Firefox 3+, Safari 4+, Chrome 3+, Opera 10+)"。

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument name leads to os command injection.

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been rated as critical. Affected by this issue is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument group leads to os command injection.