Description

D-Link DNS-343 ShareCenter devices running firmware versions up to and including 1.05 contain a command injection vulnerability in the Mail Test functionality. The web maintenance script posts to the internal goForm endpoint '/goform/Mail_Test' and uses several form parameters directly in a call to a system email utility without proper input validation. An unauthenticated remote attacker can supply crafted form data that injects shell commands, resulting in execution as root on the device. NOTE: The DNS-343 product line has been declared end-of-life.

PUBLISHED Reserved 2025-10-29 | Published 2025-10-29 | Updated 2025-10-29 | Assigner VulnCheck

CRITICAL: 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Default status: unaffected

Any version: affected

Credits

James Bercegay of GulfTech Research and Development (finder)

References

www.exploit-db.com/exploits/43845 exploit

qkl.seebug.org/vuldb/ssvid-97088 exploit

www.dlink.com/...sharecenter-4-bay-network-storage-enclosure product

github.com/...-Link DNS-343 ShareCenter 1.05 Remote Root.txt technical-description exploit

www.vulncheck.com/...-command-injection-via-goform-mail-test third-party-advisory

cve.org (CVE-2018-25120)

nvd.nist.gov (CVE-2018-25120)