CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 3CVE-2017-5633 – D-Link DI-524 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2017-5633
Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Link DI-524 Wireless Router with firmware 9.01 allow remote attackers to (1) change the admin password, (2) reboot the device, or (3) possibly have unspecified other impact via crafted requests to CGI programs. Múltiples vulnerabilidades de CSRF en el router wireless D-Link DI-524 con firmware 9.01 permiten a atacantes remotos (1) cambiar la contraseña de administrador, (2) reiniciar el dispositivo o (3) posiblemente tener otro impacto no especificado a través de peticiones manipuladas a programas CGI. • https://www.exploit-db.com/exploits/40983 https://github.com/cardangi/Exploit-CVE-2017-5633 http://seclists.org/fulldisclosure/2017/Feb/70 http://www.securityfocus.com/bid/96475 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 36%CPEs: 7EXPL: 1CVE-2006-3687 – D-Link Routers - UPNP Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-3687
Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900. Desbordamiento de búfer basado en pila en el servicio Universal Plug and Play (UPnP) de D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router permite a atacantes remotos ejecutar código de su elección mediante una petición M-SEARCH larga al puerto UDP 1900. • https://www.exploit-db.com/exploits/28230 http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0363.html http://secunia.com/advisories/21081 http://securitytracker.com/id?1016511 http://www.eeye.com/html/research/advisories/AD20060714.html http://www.kb.cert.org/vuls/id/971705 http://www.osvdb.org/27333 http://www.securityfocus.com/archive/1/440298/100/0/threaded http://www.securityfocus.com/archive/1/440852/100/100/threaded http://www.securityfocus.com/bid/19 •
CVSS: 5.0EPSS: 12%CPEs: 4EXPL: 3CVE-2005-4723 – D-Link Wireless Access Point - Fragmented UDP Denial of Service
https://notcve.org/view.php?id=CVE-2005-4723
D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment. • https://www.exploit-db.com/exploits/1496 http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0188.html http://secunia.com/advisories/18833 http://www.securityfocus.com/bid/16621 http://www.thunkers.net/~deft/advisories/dlink_udp_dos.txt http://www.vupen.com/english/advisories/2006/0563 https://exchange.xforce.ibmcloud.com/vulnerabilities/24631 •