
CVSS: 5.3 | EPSS: 0% | CPEs: 88 | EXPL: 1

A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

• References: https://github.com/999zzzzz/D-Link https://vuldb.com/?ctiid.251542 https://vuldb.com/?id.251542
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 4.8 | EPSS: 0% | CPEs: 2 | EXPL: 3

On D-Link DIR-615 devices, the User Account Configuration page is vulnerable to blind XSS via the name field.

• References: https://www.exploit-db.com/exploits/47776 https://infosecsanyam.blogspot.com/2019/12/d-link-dir-615-wireless-router.html https://medium.com/%40infosecsanyam/d-link-dir-615-wireless-router-persistent-cross-site-scripting-6ee00f5c694d https://pastebin.com/edit/MZV6DNg7 https://www.dlink.com/en/security-bulletin https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 | EPSS: 0% | CPEs: 2 | EXPL: 3

On D-Link DIR-615 devices, a normal user is able to create a root (admin) user from the D-Link portal.

• References: https://www.exploit-db.com/exploits/47778 http://seclists.org/fulldisclosure/2019/Dec/35 https://pastebin.com/wHiRGdEG https://www.dlink.com/en/security-bulletin https://www.infosecsanyam.blogspot.com/2019/12/d-link-dir-615-wireless-routervertical.html

CVSS: 8.2 | EPSS: 0% | CPEs: 3 | EXPL: 0

An issue was discovered on D-Link DIR-615 devices with firmware versions 20.05 and 20.07. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page.

• References: https://github.com/d0x0/D-Link-DIR-615/blob/master/CVE-2019-17353 https://us.dlink.com/en/security-advisory https://www.dlink.com/en/security-bulletin https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf
• CWE-306: Missing Authentication for Critical Function

CVSS: 6.1 | EPSS: 0% | CPEs: 2 | EXPL: 0

Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP SOAP request.

• References: https://github.com/reevesrs24/cve/blob/master/D-Link_DIR-615/xss_UPnP/dlink_dir615_xss_upnp.md
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')