CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-39665
https://notcve.org/view.php?id=CVE-2023-39665
18 Aug 2023 — D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the acStack_50 parameter. Se descubrió que D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 contiene un desbordamiento de búfer a través del parámetro acStack_50. • https://github.com/Davidteeri/Bug-Report/blob/main/D-Link/DIR-868L-bufferoverflow.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-39667
https://notcve.org/view.php?id=CVE-2023-39667
18 Aug 2023 — D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the param_2 parameter in the FUN_0000acb4 function. Se descubrió que D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 contiene un desbordamiento de búfer a través del parámetro param_2 en la función FUN_0000acb4. • https://github.com/Davidteeri/Bug-Report/blob/main/D-Link/DIR-868L%20httpd-Improper%20Input%20Validation.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-39668
https://notcve.org/view.php?id=CVE-2023-39668
18 Aug 2023 — D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the param_2 parameter in the inet_ntoa() function. Se descubrió que D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 contiene un desbordamiento de búfer a través del parámetro param_2 en la función inet_ntoa(). • https://github.com/Davidteeri/Bug-Report/blob/main/D-Link/DIR-868L%20Buffer%20overflow%202.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-29856
https://notcve.org/view.php?id=CVE-2023-29856
02 May 2023 — D-Link DIR-868L Hardware version A1, firmware version 1.12 is vulnerable to Buffer Overflow. The vulnerability is in scandir.sgi binary. • https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10325 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 33EXPL: 0CVE-2019-20213
https://notcve.org/view.php?id=CVE-2019-20213
02 Jan 2020 — D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php. Los routers D-Link DIR-859 versiones anteriores a la versión v1.07b03_beta, permiten una divulgación de información no autenticada por medio del valor AUTHORIZED_GROUP=1%0a, como es demostrado por el archivo vpnconfig.php. • https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-863: Incorrect Authorization •
CVSS: 10.0EPSS: 92%CPEs: 37EXPL: 4CVE-2019-17621 – D-Link DIR-859 Router Command Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-17621
30 Dec 2019 — The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network. La URL de /gena.cgi del endpoint UPnP en el router Wi-Fi D-Link DIR-859 versiones 1.05 y 1.06B01 Beta01, permite a un atacante remoto no autenticado ejecutar comandos del sistema como root, mediante el envío de una petición HTTP SU... • https://packetstorm.news/files/id/156054 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 1CVE-2019-16190
https://notcve.org/view.php?id=CVE-2019-16190
09 Sep 2019 — SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L REVA through 1.20, and DIR-895L REVA through 1.21 devices allows Authentication Bypass, as demonstrated by a direct request to folder_view.php or category_view.php. SharePort Web Access sobre dispositivos D-Link DIR-868L REVB versiones hasta 2.03, DIR-885L REVA versiones hasta 1.20, y DIR-895L REVA versiones hasta 1.21, permite la omisión de autenticación, como es demostrado por una petición directa al archivo folder_view.php o category_vie... • https://cyberloginit.com/2019/09/10/dlink-shareport-web-access-authentication-bypass.html • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 10%CPEs: 10EXPL: 2CVE-2019-7642
https://notcve.org/view.php?id=CVE-2019-7642
25 Mar 2019 — D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10). Los routers D-Link con la funcionalidad mydlink presentan algunas interfaces web sin requerimientos de autenticación. • https://github.com/xw77cve/CVE-2019-7642 • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2018-10957
https://notcve.org/view.php?id=CVE-2018-10957
10 May 2018 — CSRF exists on D-Link DIR-868L devices, leading to (for example) a change to the Admin password. hedwig.cgi and pigwidgeon.cgi are two of the affected components. Existe Cross-Site Request Forgery (CSRF) en dispositivos D-Link DIR-868L que conduce a, por ejemplo, un cambio en la contraseña de administrador. hedwig.cgi y pigwidgeon.cgi son dos de los componentes afectados. • https://packetstormsecurity.com/files/147525/D-Link-DIR-868L-1.12-Cross-Site-Request-Forgery.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 1CVE-2018-6527
https://notcve.org/view.php?id=CVE-2018-6527
06 Mar 2018 — XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi. Vulnerabilidad de Cross-Site Scripting (XSS) en htdocs/webinc/js/adv_parent_ctrl_map.php en D-Link DIR-868L DIR868LA1_FW112b04 y versiones anteriores; DIR-865L DIR-865L_REVA_FIRM... • ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •