CVSS: 5.3EPSS: 21%CPEs: 88EXPL: 1CVE-2024-0717 – D-Link Good Line Router v2 HTTP GET Request devinfo information disclosure
https://notcve.org/view.php?id=CVE-2024-0717
19 Jan 2024 — A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, D... • https://github.com/999zzzzz/D-Link • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 4%CPEs: 2EXPL: 1CVE-2021-37388
https://notcve.org/view.php?id=CVE-2021-37388
06 Aug 2021 — A buffer overflow in D-Link DIR-615 C2 3.03WW. The ping_ipaddr parameter in ping_response.cgi POST request allows an attacker to crash the webserver and might even gain remote code execution. Un desbordamiento del búfer en D-Link DIR-615 C2 versión 3.03WW. El parámetro ping_ipaddr en la petición POST del archivo ping_response.cgi permite a un atacante bloquear el servidor web e incluso obtener una ejecución de código remota • https://github.com/noobexploiter/IOTHACKS/blob/main/vuln1.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.2EPSS: 3%CPEs: 2EXPL: 1CVE-2018-10431
https://notcve.org/view.php?id=CVE-2018-10431
26 Apr 2018 — D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell metacharacters in the Host field of the System / Traceroute screen. Los dispositivos D-Link DIR-615 2.5.17 permite la ejecución remota de código mediante metacaracteres shell en el campo Host de la pantalla System / Traceroute. • https://github.com/imsebao/404team/blob/master/dlink/dlink_dir615_rce.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 94%CPEs: 62EXPL: 2CVE-2014-8361 – Realtek SDK Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2014-8361
24 Apr 2015 — The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023. El servicio miniigd SOAP en Realtek SDK permite a atacantes remotos ejecutar código arbitrario a través de una solicitud NewInternalClient manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Realtek SDK. Authentication is not required to exploit this vulnerability. The specific... • https://packetstorm.news/files/id/132090 •