How severe is CVE-2023-34278?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2023-34278?

This is classified as CWE-78, which is a common weakness in software security.

CVE-2023-34278 - MEDIUM Severity | CVSS 6.8

Vulnerability Description

D-Link DIR-2150 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20556.

Related Vulnerabilities

CVE-2017-10811

MEDIUM

CVSS:6.8(Medium)

Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors.

CWE-782017

CVE-2017-10813

MEDIUM

CVSS:6.8(Medium)

CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.

CWE-782017

CVE-2017-2152

MEDIUM

CVSS:6.8(Medium)

WNC01WH firmware 1.0.0.9 and earlier allows authenticated attackers to execute arbitrary OS commands via unspecified vectors.

CWE-782017

CVE-2018-0512

MEDIUM

CVSS:6.8(Medium)

Devices with IP address setting tool "MagicalFinder" provided by I-O DATA DEVICE, INC. allow authenticated attackers to execute arbitrary OS commands via unspecified vectors.

CWE-782018

CVE-2018-0677

MEDIUM

CVSS:6.8(Medium)

BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors.

CWE-782018

CVE-2018-14998

MEDIUM

CVSS:6.8(Medium)

The Leagoo P1 Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a hidden root privilege escalation capability to achieve c...

CWE-782018