NotCVE - vendor:"Dlink" product:"Dir-868l Firmware" version:" <= a1

8 results (0.002 seconds)

CVSS: 7.5EPSS: 0%CPEs: 33EXPL: 0

CVE-2019-20213

https://notcve.org/view.php?id=CVE-2019-20213

D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php. Los routers D-Link DIR-859 versiones anteriores a la versión v1.07b03_beta, permiten una divulgación de información no autenticada por medio del valor AUTHORIZED_GROUP=1%0a, como es demostrado por el archivo vpnconfig.php. • https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03 https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146 https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-863: Incorrect Authorization •

CVSS: 10.0EPSS: 96%CPEs: 37EXPL: 3

CVE-2019-17621 – D-Link DIR-859 Router Command Execution Vulnerability

https://notcve.org/view.php?id=CVE-2019-17621

The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network. La URL de /gena.cgi del endpoint UPnP en el router Wi-Fi D-Link DIR-859 versiones 1.05 y 1.06B01 Beta01, permite a un atacante remoto no autenticado ejecutar comandos del sistema como root, mediante el envío de una petición HTTP SUBSCRIBE especialmente diseñada en el servicio UPnP cuando se conecta a la red local. D-Link DIR-859 Routers are vulnerable to OS command injection via the UPnP interface. The vulnerability exists in /gena.cgi (function genacgi_main() in /htdocs/cgibin), which is accessible without credentials. D-Link DIR-859 router contains a command execution vulnerability in the UPnP endpoint URL, /gena.cgi. • https://github.com/Squirre17/CVE-2019-17621 http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104 https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9 https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146 https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147 https://www& • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 1

CVE-2019-16190

https://notcve.org/view.php?id=CVE-2019-16190

SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L REVA through 1.20, and DIR-895L REVA through 1.21 devices allows Authentication Bypass, as demonstrated by a direct request to folder_view.php or category_view.php. SharePort Web Access sobre dispositivos D-Link DIR-868L REVB versiones hasta 2.03, DIR-885L REVA versiones hasta 1.20, y DIR-895L REVA versiones hasta 1.21, permite la omisión de autenticación, como es demostrado por una petición directa al archivo folder_view.php o category_view.php. • https://cyberloginit.com/2019/09/10/dlink-shareport-web-access-authentication-bypass.html • CWE-287: Improper Authentication •

CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 1

CVE-2018-6529

https://notcve.org/view.php?id=CVE-2018-6529

XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi. Vulnerabilidad de Cross-Site Scripting (XSS) en htdocs/webinc/js/bsc_sms_inbox.php en D-Link DIR-868L DIR868LA1_FW112b04 y versiones anteriores; DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 y versiones anteriores y DIR-860L DIR860LA1_FW110b04 y versiones anteriores permite que atacantes remotos lean una cookie mediante un parámetro Treturn manipulado en soap.cgi. • ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 1

CVE-2018-6527

https://notcve.org/view.php?id=CVE-2018-6527

XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi. Vulnerabilidad de Cross-Site Scripting (XSS) en htdocs/webinc/js/adv_parent_ctrl_map.php en D-Link DIR-868L DIR868LA1_FW112b04 y versiones anteriores; DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 y versiones anteriores y DIR-860L DIR860LA1_FW110b04 y versiones anteriores permite que atacantes remotos lean una cookie mediante un parámetro deviceid manipulado en soap.cgi. • ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1 2