Description

D-Link DNS-343 ShareCenter devices running firmware versions up to and including 1.05 contain a command injection vulnerability in the Mail Test functionality. The web maintenance script posts to the internal goForm endpoint '/goform/Mail_Test' and uses several form parameters directly in a call to a system email utility without proper input validation. An unauthenticated remote attacker can supply crafted form data that injects shell commands, resulting in execution as root on the device. NOTE: The DNS-343 product line has been declared end-of-life.

INFO

Published Date :

2025-10-29T18:39:03.581Z

Last Modified :

2026-04-07T14:03:46.588Z

Source :

VulnCheck
AFFECTED PRODUCTS

The following products are affected by CVE-2018-25120 vulnerability.

Vendors Products
D-link
  • Dns-343
  • Dns-343 Sharecenter
Dlink
  • Dns-343
  • Dns-343 Firmware
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2018-25120.

URL Resource
https://github.com/jamesbercegay/advisories/blob/master/%5BGTSA-00128%5D%20D-Link%20DNS-343%20ShareCenter%201.05%20Remote%20Root.txt cve-icon cve-icon
https://qkl.seebug.org/vuldb/ssvid-97088 cve-icon cve-icon
https://www.dlink.com/al/sq/products/dns-343-sharecenter-4-bay-network-storage-enclosure cve-icon cve-icon
https://www.exploit-db.com/exploits/43845 cve-icon cve-icon
https://www.vulncheck.com/advisories/dlink-dns343-sharecenter-command-injection-via-goform-mail-test cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact