52 results (0.006 seconds)

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1

An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 parameter in the sub_42DA54 function. Un problema en Dlink DIR-816A2 v.1.10CNB05 permite a un atacante remoto ejecutar código arbitrario a través del parámetro Wizardstep4_ssid_2 en la función sub_42DA54. • http://dir-816a2.com https://github.com/dkjiayu/Vul/blob/main/DIR816A2-dir_setWanWifi.md https://www.dlink.com https://www.dlink.com/en/security-bulletin • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1

A vulnerability has been found in D-Link DIR-816 A2 1.10CNB04 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/setDeviceSettings of the component Web Interface. The manipulation of the argument statuscheckpppoeuser leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/xiyuanhuaigu/cve/blob/main/rce.md https://vuldb.com/?ctiid.252139 https://vuldb.com/?id.252139 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 5.3EPSS: 0%CPEs: 88EXPL: 1

A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/999zzzzz/D-Link https://vuldb.com/?ctiid.251542 https://vuldb.com/?id.251542 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1

D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter statuscheckpppoeuser in dir_setWanWifi. Se descubrió que D-Link DIR-816 A2 v1.10CNB05 contenía un Desbordamiento del Búfer a través del parámetro statuscheckpppoeuser en dir_setWanWifi. • https://github.com/peris-navince/founded-0-days/blob/main/Dlink/816/dir_setWanWifi/1.md https://www.dlink.com/en/security-bulletin • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1

D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter macCloneMac in setMAC. Se descubrió que D-Link DIR-816 A2 v1.10CNB05 contenía un Desbordamiento del Búfer mediante el parámetro macCloneMac en setMAC. • https://github.com/peris-navince/founded-0-days/blob/main/Dlink/816/setMAC/1.md https://www.dlink.com/en/security-bulletin • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •