CVE-2015-2049

Dlink Dcs-931l Firmware < 1.04 - Unrestricted File Upload

Title source: rule

Description

Unrestricted file upload vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubywebappshardware

https://www.exploit-db.com/exploits/39192

View Code ZIP pw:eip

metasploit WORKING POC GREAT

by Mike Baucom, Allen Harper, J. Rach, bcoles · rubypoclinux

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/dlink_dcs931l_upload.rb

View Code ZIP pw:eip

References (3)

[Vendor Advisory] http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10049

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/377348

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/39192/

Scores

EPSS 0.8287

EPSS Percentile 99.3%

Details

Status published

Products (1)

dlink/dcs-931l_firmware < 1.04

Published Feb 23, 2015

Tracked Since Feb 18, 2026