Vulnerability CVE-2021-44127


Published: 2022-03-27

Description:
In DLink DAP-1360 F1 firmware version <=v6.10 in the "webupg" binary, an attacker can use the "file" parameter to execute arbitrary system commands when the parameter is "name=deleteFile" after being authorized.

Type:

NVD-CWE-noinfo

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
https://www.dlink.com/en/security-bulletin/
https://github.com/tgp-top/DAP-1360/blob/main/README.md

Copyright 2026, cxsecurity.com

 

Back to Top