CVSS: 10.0EPSS: 97%CPEs: 12EXPL: 1CVE-2021-45382 – D-Link Multiple Routers Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-45382
17 Feb 2022 — A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file. Note: DIR-810L, DIR-820L, DIR-830L, DIR-826L, DIR-836L, all hardware revisions, have reached their End of Life ("EOL") /End of Service Life ("EOS") Life-Cycle and as such this issue will not be patched. Se presenta una vulnerabilidad de Ejecución de Comandos Remota (RCE) en todas las revisiones H/W de la serie de r... • https://github.com/doudoudedi/D-LINK_Command_Injection1/blob/main/D-LINK_Command_injection.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 95%CPEs: 36EXPL: 4CVE-2015-1187 – D-Link and TRENDnet Multiple Devices Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-1187
02 Mar 2015 — The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp. La herramienta de ping en múltiples dispositivos D-Link y TRENDnet permite que los atacantes remotos ejecuten código arbitrario mediante el parámetro ping_addr a ping.ccp. D-Link DIR636L suffers from a remote command injection vulnerability. The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to perform remote code execution. • https://packetstorm.news/files/id/131465 • CWE-287: Improper Authentication •