CVE-2019-9122
https://notcve.org/view.php?id=CVE-2019-9122
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the ntp_server parameter in an ntp_sync.cgi POST request. Se ha descubierto un problema en dispositivos D-Link DIR-825 Rev.B 2.10. Permite que los atacantes remotos ejecuten comandos arbitrarios mediante el parámetro ntp_server en una petición POST en ntp_sync.cgi. • https://github.com/WhooAmii/whooamii.github.io/blob/master/2018/DIR-825/command%20injection.md •
CVE-2019-9126
https://notcve.org/view.php?id=CVE-2019-9126
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is an information disclosure vulnerability via requests for the router_info.xml document. This will reveal the PIN code, MAC address, routing table, firmware version, update time, QOS information, LAN information, and WLAN information of the device. Se ha descubierto un problema en dispositivos D-Link DIR-825 Rev.B 2.10. Hay una vulnerabilidad de divulgación de información mediante las peticiones para el documento router_info.xml. • https://github.com/WhooAmii/whooamii.github.io/blob/master/2018/DIR-825/information%20disclosure.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2019-9123
https://notcve.org/view.php?id=CVE-2019-9123
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. The "user" account has a blank password. Se ha descubierto un problema en dispositivos D-Link DIR-825 Rev.B 2.10. La cuenta "user" tiene una contraseña en blanco. • https://github.com/WhooAmii/whooamii.github.io/blob/master/2018/DIR-825/Permission%20access%20control.md • CWE-521: Weak Password Requirements •