D-Link DIR-842V2 v1.0.3 was discovered to allow a user to run an arbitrary binary when connecting to telnet. This vulnerability can be triggered using backup/restore functionality.
- Dec 09, 2022 - Contact vendor
- Dec 09, 2022 - Received response from vendor
- Dec 10, 2022 - Sent vulnerability report to vendor
- Feb 09, 2023 - Requested a status update from vendor
- Mar 29, 2023 - Requested a status update from vendor
- Mar 29, 2023 - Received a status update
- Mar 31, 2023 - Received a potentially fixed firmware from vendor
- Apr 03, 2023 - Reported to vendor that the new firmware fixes the vulnerability
- Apr 06, 2023 - Received response from vendor
- May 25, 2023 - Assigned CVE
- Jun 03, 2023 - Published exploit