6 results (0.004 seconds)

CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 1

D-Link DIR-859 v1.05 was discovered to contain a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. Se ha detectado que D-Link DIR-859 versión v1.05, contiene un desbordamiento de búfer en la versión stack de la memoria por medio de la función genacgi_main. Esta vulnerabilidad permite a atacantes causar una denegación de servicio (DoS) por medio de una carga útil diseñada • https://github.com/chunklhit/cve/blob/master/dlink/DIR859/BufferOverflow.md https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10267 https://www.dlink.com/en/security-bulletin • CWE-787: Out-of-bounds Write •

CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0

D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because SERVER_ID is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters. Los dispositivos D-Link DIR-859 versiones 1.05 y 1.06B01 Beta01, permiten a atacantes remotos ejecutar comandos arbitrarios del Sistema Operativo por medio de la urn: en el método M-SEARCH en la función ssdpcgi() en el archivo /htdocs/cgibin, porque SERVER_ID se maneja inapropiadamente. El valor de la urn: service/device es verificado con la función strstr, lo que permite a un atacante concatenar comandos arbitrarios separados por metacaracteres de shell. • https://medium.com/%40s1kr10s/d-link-dir-859-rce-unauthenticated-cve-2019-20216-cve-2019-20217-en-6bca043500ae https://medium.com/%40s1kr10s/d-link-dir-859-rce-unauthenticated-cve-2019-20216-cve-2019-20217-es-e11ca6168d35 https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0

D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because REMOTE_PORT is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters. Los dispositivos D-Link DIR-859 versiones 1.05 y 1.06B01 Beta01, permiten a atacantes remotos ejecutar comandos arbitrarios del Sistema Operativo por medio de la urn: en el método M-SEARCH en la función ssdpcgi() en el archivo /htdocs/cgibin, porque REMOTE_PORT se maneja inapropiadamente. El valor de la urn: service/device es verificado con la función strstr, lo que permite a un atacante concatenar comandos arbitrarios separados por metacaracteres de shell. • https://medium.com/%40s1kr10s/d-link-dir-859-rce-unauthenticated-cve-2019-20216-cve-2019-20217-en-6bca043500ae https://medium.com/%40s1kr10s/d-link-dir-859-rce-unauthenticated-cve-2019-20216-cve-2019-20217-es-e11ca6168d35 https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 10.0EPSS: 94%CPEs: 3EXPL: 1

D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via a urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because HTTP_ST is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters. Los dispositivos D-Link DIR-859 versiones 1.05 y 1.06B01 Beta01, permiten a atacantes remotos ejecutar comandos arbitrarios del Sistema Operativo por medio de una urn: en el método M-SEARCH en la función ssdpcgi() en el archivo /htdocs/cgibin, porque HTTP_ST se maneja inapropiadamente. El valor de la urn: service/device es verificado con la función strstr, lo que permite a un atacante concatenar comandos arbitrarios separados por metacaracteres de shell. • https://www.exploit-db.com/exploits/48037 http://packetstormsecurity.com/files/156250/D-Link-ssdpcgi-Unauthenticated-Remote-Command-Execution.html https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-rce-in-ssdpcgi-http-st-cve-2019-20215-en-2e799acb8a73 https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147 https://attackerkb.com/topics/uqicA23ecz/cve-2023-33625 https://github.com/zcutlip/exploit-poc/tree/master/dlink/dir-815-a1/upnp-command-injection https://medium.co • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.5EPSS: 0%CPEs: 33EXPL: 0

D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php. Los routers D-Link DIR-859 versiones anteriores a la versión v1.07b03_beta, permiten una divulgación de información no autenticada por medio del valor AUTHORIZED_GROUP=1%0a, como es demostrado por el archivo vpnconfig.php. • https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03 https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146 https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-863: Incorrect Authorization •