Vulnerability: D-Link DNS-320 - Unauthenticated Remote Code Execution
D-Link DNS-320 FW v2.06B01 Revision Ax is susceptible to a command injection vulnerability in a system_mgr.cgi component. The component does not successfully sanitize the value of the HTTP parameters f_ntp_server, which in turn leads to arbitrary command execution.
Impact
Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code on the affected device.
Severity
critical
Verified
Unknown