CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2023-33625
https://notcve.org/view.php?id=CVE-2023-33625
D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbc_system() function. • https://github.com/naihsin/IoT/blob/main/D-Link/DIR-600/cmd%20injection/README.md https://github.com/naihsin/IoT/tree/main/D-Link/DIR-600/cmd%20injection https://hackmd.io/%40naihsin/By2datZD2 https://www.dlink.com/en/security-bulletin https://attackerkb.com/topics/uqicA23ecz/cve-2023-33625 https://github.com/zcutlip/exploit-poc/tree/master/dlink/dir-815-a1/upnp-command-injection https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-rce-in-ssdpcgi-http-st-cve-2019-2 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2023-33626
https://notcve.org/view.php?id=CVE-2023-33626
D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a stack overflow via the gena.cgi binary. • https://github.com/naihsin/IoT/blob/main/D-Link/DIR-600/overflow/README.md https://github.com/naihsin/IoT/tree/main/D-Link/DIR-600/overflow https://www.dlink.com/en/security-bulletin • CWE-787: Out-of-bounds Write •