CVE-2020-6841

CVE-2020-6841

EPSS 2.8%

D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://gist.github.com/jezzaaa/38c752d0a129576b2cc523ce6325050f https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10152