CVSS: 9.8EPSS: 3%CPEs: 40EXPL: 1CVE-2024-8130 – D-Link DNS-1550-04 HTTP POST Request s3.cgi cgi_s3 command injection
https://notcve.org/view.php?id=CVE-2024-8130
24 Aug 2024 — A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by this vulnerability is the function cgi_s3 of the file /cgi-bin/s3.cgi of the component HTTP POST Request Handler. The manipulation of the argument f_a_key leads to command injection. The attack can be launched rem... • https://vuldb.com/?id.275701 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 1CVE-2024-3274 – D-Link DNS-320L/DNS-320LW/DNS-327L HTTP GET Request info.cgi information disclosure
https://notcve.org/view.php?id=CVE-2024-3274
04 Apr 2024 — A vulnerability has been found in D-Link DNS-320L, DNS-320LW and DNS-327L up to 20240403 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/info.cgi of the component HTTP GET Request Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/netsecfish/info_cgi • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 16%CPEs: 10EXPL: 0CVE-2014-7859
https://notcve.org/view.php?id=CVE-2014-7859
28 May 2015 — Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build 03, and DNS-327L before 1.04b01 allows remote attackers to execute arbitrary code by crafting malformed "Host" and "Referer" header values. Un desbordamiento de búfer basado en pila en login_mgr.cgi en D-Link firmware DNR-320L y DNS-320LW en versiones anteriores a la 1.04b08, DNR-322L en versiones anteriores a la 2.10 build 03, DNR-326 en versiones a... • http://packetstormsecurity.com/files/132075/D-Link-Bypass-Buffer-Overflow.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 14EXPL: 0CVE-2014-7857
https://notcve.org/view.php?id=CVE-2014-7857
28 May 2015 — D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01, DNS-345 1.03b06, DNS-325 1.05b03, and DNS-322L 2.00b07 allow remote attackers to bypass authentication and log in with administrator permissions by passing the cgi_set_wto command in the cmd parameter, and setting the spawned session's cookie to username=admin. DNS-320L firmware anterior a la versión 1.04b12, DNS-327L anterior a la versión 1.03b04 Build0119, DNR-326 versión 1.40b03, DNS-320B versió... • http://packetstormsecurity.com/files/132075/D-Link-Bypass-Buffer-Overflow.html • CWE-287: Improper Authentication •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2014-7860
https://notcve.org/view.php?id=CVE-2014-7860
28 May 2015 — The web/web_file/fb_publish.php script in D-Link DNS-320L before 1.04b12 and DNS-327L before 1.03b04 Build0119 does not authenticate requests, which allows remote attackers to obtain arbitrary photos and publish them to an arbitrary Facebook profile via a target album_id and access_token. El script web/web_file/fb_publish.php en D-Link DNS-320L en versiones anteriores a la 1.04b12 y DNS-327L en versiones anteriores a la 1.03b04 Build0119 no autentica peticiones. Esto permite que atacantes remotos obtengan f... • http://packetstormsecurity.com/files/132075/D-Link-Bypass-Buffer-Overflow.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-287: Improper Authentication •