CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 2CVE-2019-11017 – D-Link DI-524 V2.06RU - Multiple Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-11017
On D-Link DI-524 V2.06RU devices, multiple Stored and Reflected XSS vulnerabilities were found in the Web Configuration: /spap.htm, /smap.htm, and /cgi-bin/smap, as demonstrated by the cgi-bin/smap RC parameter. En los dispositivos D-Link DI-524 versión V 2.06 RU, múltiples vulnerabilidades almacenadas y reflejadas de tipo XSS se encontraron en la configuración Web:/SPAP.htm, /SMAP.htm, y /cgi-bin/SMAP, como lo demuestra el parámetro RC cgi-bin/SMAP. D-Link DI-524 version 2.06RU suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/46687 http://packetstormsecurity.com/files/152465/D-Link-DI-524-2.06RU-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 3CVE-2017-5633 – D-Link DI-524 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2017-5633
Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Link DI-524 Wireless Router with firmware 9.01 allow remote attackers to (1) change the admin password, (2) reboot the device, or (3) possibly have unspecified other impact via crafted requests to CGI programs. Múltiples vulnerabilidades de CSRF en el router wireless D-Link DI-524 con firmware 9.01 permiten a atacantes remotos (1) cambiar la contraseña de administrador, (2) reiniciar el dispositivo o (3) posiblemente tener otro impacto no especificado a través de peticiones manipuladas a programas CGI. • https://www.exploit-db.com/exploits/40983 https://github.com/cardangi/Exploit-CVE-2017-5633 http://seclists.org/fulldisclosure/2017/Feb/70 http://www.securityfocus.com/bid/96475 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2008-1266
https://notcve.org/view.php?id=CVE-2008-1266
Multiple buffer overflows in the web interface on the D-Link DI-524 router allow remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact via (1) a long username or (2) an HTTP header with a large name and an empty value. Múltiples desbordamientos de búfer en la interfaz web del router D-Link DI-524 permite a atacantes remotos provocar una denegación de servicio (caída de dispositivo) o posiblemente tener otros impactos no especificados a través de (1) un nombre de usuario largo o (2) una cabecera HTTP con un nombre largo y un valor vacío. • http://secunia.com/advisories/29366 http://www.gnucitizen.org/projects/router-hacking-challenge http://www.securityfocus.com/archive/1/489009/100/0/threaded http://www.securityfocus.com/bid/28439 https://exchange.xforce.ibmcloud.com/vulnerabilities/41125 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 36%CPEs: 7EXPL: 1CVE-2006-3687 – D-Link Routers - UPNP Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-3687
Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900. Desbordamiento de búfer basado en pila en el servicio Universal Plug and Play (UPnP) de D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router permite a atacantes remotos ejecutar código de su elección mediante una petición M-SEARCH larga al puerto UDP 1900. • https://www.exploit-db.com/exploits/28230 http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0363.html http://secunia.com/advisories/21081 http://securitytracker.com/id?1016511 http://www.eeye.com/html/research/advisories/AD20060714.html http://www.kb.cert.org/vuls/id/971705 http://www.osvdb.org/27333 http://www.securityfocus.com/archive/1/440298/100/0/threaded http://www.securityfocus.com/archive/1/440852/100/100/threaded http://www.securityfocus.com/bid/19 •
CVSS: 5.0EPSS: 12%CPEs: 4EXPL: 3CVE-2005-4723 – D-Link Wireless Access Point - Fragmented UDP Denial of Service
https://notcve.org/view.php?id=CVE-2005-4723
D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment. • https://www.exploit-db.com/exploits/1496 http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0188.html http://secunia.com/advisories/18833 http://www.securityfocus.com/bid/16621 http://www.thunkers.net/~deft/advisories/dlink_udp_dos.txt http://www.vupen.com/english/advisories/2006/0563 https://exchange.xforce.ibmcloud.com/vulnerabilities/24631 •