CVSS: 10.0EPSS: 96%CPEs: 12EXPL: 1CVE-2021-45382 – D-Link Multiple Routers Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-45382
A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file. Note: DIR-810L, DIR-820L, DIR-830L, DIR-826L, DIR-836L, all hardware revisions, have reached their End of Life ("EOL") /End of Service Life ("EOS") Life-Cycle and as such this issue will not be patched. Se presenta una vulnerabilidad de Ejecución de Comandos Remota (RCE) en todas las revisiones H/W de la serie de routers D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L y DIR-836L por medio de la función DDNS en el archivo binario ncc2. Nota: Los DIR-810L, DIR-820L, DIR-830L, DIR-826L, DIR-836L, todas las revisiones de hardware, han llegado al final de su vida útil ("EOL") / fin de la vida útil ("EOS") y, por lo tanto, este problema no será parcheado A remote code execution vulnerability exists in all series H/W revisions routers via the DDNS function in ncc2 binary file. • https://github.com/doudoudedi/D-LINK_Command_Injection1/blob/main/D-LINK_Command_injection.md https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10264 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 94%CPEs: 36EXPL: 2CVE-2015-1187 – D-Link and TRENDnet Multiple Devices Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-1187
The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp. La herramienta de ping en múltiples dispositivos D-Link y TRENDnet permite que los atacantes remotos ejecuten código arbitrario mediante el parámetro ping_addr a ping.ccp. D-Link DIR636L suffers from a remote command injection vulnerability. The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to perform remote code execution. • https://www.exploit-db.com/exploits/41677 http://packetstormsecurity.com/files/130607/D-Link-DIR636L-Remote-Command-Injection.html http://packetstormsecurity.com/files/131465/D-Link-TRENDnet-NCC-Service-Command-Injection.html http://seclists.org/fulldisclosure/2015/Mar/15 http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10052 http://www.securityfocus.com/bid/72848 https://github.com/darkarnium/secpub/tree/master/Multivendor/ncc2 https://seclists.org/fulldisclosure/2015/Mar/15 • CWE-287: Improper Authentication •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2013-4772
https://notcve.org/view.php?id=CVE-2013-4772
D-Link DIR-505L SharePort Mobile Companion 1.01 and DIR-826L Wireless N600 Cloud Router 1.02 allows remote attackers to bypass authentication via a direct request when an authorized session is active. D-Link DIR-505L SharePort Mobile Companion 1.01 y DIR-826L Wireless N600 Cloud Router 1.02 permite a atacantes remotos evadir autenticación a través de una solicitud directa cuando una sesión autorizada está activa. • http://packetstormsecurity.com/files/122314/D-Link-DIR-505L-DIR-826L-Authentication-Bypass.html • CWE-287: Improper Authentication •