CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-0769 – D-Link DIR-859 HTTP POST Request hedwig.cgi path traversal
https://notcve.org/view.php?id=CVE-2024-0769
A vulnerability was found in D-Link DIR-859 1.06B01. It has been rated as critical. Affected by this issue is some unknown functionality of the file /hedwig.cgi of the component HTTP POST Request Handler. The manipulation of the argument service with the input ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml leads to path traversal. • https://github.com/c2dc/cve-reported/blob/main/CVE-2024-0769/CVE-2024-0769.md https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10371 https://vuldb.com/?ctiid.251666 https://vuldb.com/?id.251666 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2023-39638
https://notcve.org/view.php?id=CVE-2023-39638
D-LINK DIR-859 A1 1.05 and A1 1.06B01 Beta01 was discovered to contain a command injection vulnerability via the lxmldbc_system function at /htdocs/cgibin. Se descubrió que D-LINK DIR-859 A1 1.05 y A1 1.06B01 Beta01 contiene una vulnerabilidad de inyección de comandos a través de la función lxmldbc_system en /htdocs/cgibin. • http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-859 https://github.com/mmmmmx1/dlink/blob/main/dir-859/readme.md https://www.dlink.com/en/security-bulletin • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-36092
https://notcve.org/view.php?id=CVE-2023-36092
Authentication Bypass vulnerability in D-Link DIR-859 FW105b03 allows remote attackers to gain escalated privileges via via phpcgi_main. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. • https://www.dlink.com/en/security-bulletin https://www.dlink.com/en/support • CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 1CVE-2022-46476
https://notcve.org/view.php?id=CVE-2022-46476
D-Link DIR-859 A1 1.05 was discovered to contain a command injection vulnerability via the service= variable in the soapcgi_main function. • https://github.com/Insight8991/iot/blob/main/dir859%20Command%20Execution%20Vulnerability.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 1CVE-2022-25106
https://notcve.org/view.php?id=CVE-2022-25106
D-Link DIR-859 v1.05 was discovered to contain a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. Se ha detectado que D-Link DIR-859 versión v1.05, contiene un desbordamiento de búfer en la versión stack de la memoria por medio de la función genacgi_main. Esta vulnerabilidad permite a atacantes causar una denegación de servicio (DoS) por medio de una carga útil diseñada • https://github.com/chunklhit/cve/blob/master/dlink/DIR859/BufferOverflow.md https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10267 https://www.dlink.com/en/security-bulletin • CWE-787: Out-of-bounds Write •