CVE-2016-10182

An issue was discovered on the D-Link DWR-932B router. qmiweb allows command injection with ` characters.
References
Link Resource
http://www.securityfocus.com/bid/95877 Third Party Advisory VDB Entry
https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html Exploit Technical Description Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dlink:dwr-932b_firmware:02.02eu:revb:*:*:*:*:*:*
cpe:2.3:h:dlink:dwr-932b:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-01-30 04:59

Updated : 2024-02-04 19:11


NVD link : CVE-2016-10182

Mitre link : CVE-2016-10182

CVE.ORG link : CVE-2016-10182


JSON object : View

Products Affected

dlink

  • dwr-932b_firmware
  • dwr-932b
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')