Vulnerability: D-Link DNS-320 - Unauthenticated Remote Code Execution

D-Link DNS-320 FW v2.06B01 Revision Ax is susceptible to a command injection vulnerability in a system_mgr.cgi component. The component does not successfully sanitize the value of the HTTP parameters f_ntp_server, which in turn leads to arbitrary command execution.

Impact

Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code on the affected device.

Severity

critical

Verified

Unknown