CVSS: 8.1EPSS: 2%CPEs: 2EXPL: 3CVE-2018-10641 – D-Link DIR-601 Failed Password Change Control
https://notcve.org/view.php?id=CVE-2018-10641
04 May 2018 — D-Link DIR-601 A1 1.02NA devices do not require the old password for a password change, which occurs in cleartext. Los dispositivos D-Link DIR-601 A1 1.02NA no requieren la contraseña antigua para cambiarla, lo que ocurre en texto claro. • https://advancedpersistentsecurity.net/cve-2018-10641 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2016-10405
https://notcve.org/view.php?id=CVE-2016-10405
07 Sep 2017 — Session fixation vulnerability in D-Link DIR-600L routers (rev. Ax) with firmware before FW1.17.B01 allows remote attackers to hijack web sessions via unspecified vectors. Una vulnerabilidad de fijación de sesión en los routers D-Link DIR-600L (rev. Ax) con firmware anterior al FW1.17.B01 permite a los ataques remotos secuestrar sesiones web mediante vectores no especificados. • ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-600L/DIR-600L_REVA_FIRMWARE_PATCH_NOTES_1.17.B01_EN_WW.PDF • CWE-384: Session Fixation •
CVSS: 10.0EPSS: 94%CPEs: 62EXPL: 2CVE-2014-8361 – Realtek SDK Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2014-8361
24 Apr 2015 — The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023. El servicio miniigd SOAP en Realtek SDK permite a atacantes remotos ejecutar código arbitrario a través de una solicitud NewInternalClient manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Realtek SDK. Authentication is not required to exploit this vulnerability. The specific... • https://packetstorm.news/files/id/132090 •