CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-39665
https://notcve.org/view.php?id=CVE-2023-39665
18 Aug 2023 — D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the acStack_50 parameter. Se descubrió que D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 contiene un desbordamiento de búfer a través del parámetro acStack_50. • https://github.com/Davidteeri/Bug-Report/blob/main/D-Link/DIR-868L-bufferoverflow.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-39667
https://notcve.org/view.php?id=CVE-2023-39667
18 Aug 2023 — D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the param_2 parameter in the FUN_0000acb4 function. Se descubrió que D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 contiene un desbordamiento de búfer a través del parámetro param_2 en la función FUN_0000acb4. • https://github.com/Davidteeri/Bug-Report/blob/main/D-Link/DIR-868L%20httpd-Improper%20Input%20Validation.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-39668
https://notcve.org/view.php?id=CVE-2023-39668
18 Aug 2023 — D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the param_2 parameter in the inet_ntoa() function. Se descubrió que D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 contiene un desbordamiento de búfer a través del parámetro param_2 en la función inet_ntoa(). • https://github.com/Davidteeri/Bug-Report/blob/main/D-Link/DIR-868L%20Buffer%20overflow%202.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-29856
https://notcve.org/view.php?id=CVE-2023-29856
02 May 2023 — D-Link DIR-868L Hardware version A1, firmware version 1.12 is vulnerable to Buffer Overflow. The vulnerability is in scandir.sgi binary. • https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10325 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 33EXPL: 0CVE-2019-20213
https://notcve.org/view.php?id=CVE-2019-20213
02 Jan 2020 — D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php. Los routers D-Link DIR-859 versiones anteriores a la versión v1.07b03_beta, permiten una divulgación de información no autenticada por medio del valor AUTHORIZED_GROUP=1%0a, como es demostrado por el archivo vpnconfig.php. • https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-863: Incorrect Authorization •
CVSS: 10.0EPSS: 92%CPEs: 37EXPL: 4CVE-2019-17621 – D-Link DIR-859 Router Command Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-17621
30 Dec 2019 — The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network. La URL de /gena.cgi del endpoint UPnP en el router Wi-Fi D-Link DIR-859 versiones 1.05 y 1.06B01 Beta01, permite a un atacante remoto no autenticado ejecutar comandos del sistema como root, mediante el envío de una petición HTTP SU... • https://packetstorm.news/files/id/156054 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 1CVE-2019-16190
https://notcve.org/view.php?id=CVE-2019-16190
09 Sep 2019 — SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L REVA through 1.20, and DIR-895L REVA through 1.21 devices allows Authentication Bypass, as demonstrated by a direct request to folder_view.php or category_view.php. SharePort Web Access sobre dispositivos D-Link DIR-868L REVB versiones hasta 2.03, DIR-885L REVA versiones hasta 1.20, y DIR-895L REVA versiones hasta 1.21, permite la omisión de autenticación, como es demostrado por una petición directa al archivo folder_view.php o category_vie... • https://cyberloginit.com/2019/09/10/dlink-shareport-web-access-authentication-bypass.html • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2018-10957
https://notcve.org/view.php?id=CVE-2018-10957
10 May 2018 — CSRF exists on D-Link DIR-868L devices, leading to (for example) a change to the Admin password. hedwig.cgi and pigwidgeon.cgi are two of the affected components. Existe Cross-Site Request Forgery (CSRF) en dispositivos D-Link DIR-868L que conduce a, por ejemplo, un cambio en la contraseña de administrador. hedwig.cgi y pigwidgeon.cgi son dos de los componentes afectados. • https://packetstormsecurity.com/files/147525/D-Link-DIR-868L-1.12-Cross-Site-Request-Forgery.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 1CVE-2018-6527
https://notcve.org/view.php?id=CVE-2018-6527
06 Mar 2018 — XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi. Vulnerabilidad de Cross-Site Scripting (XSS) en htdocs/webinc/js/adv_parent_ctrl_map.php en D-Link DIR-868L DIR868LA1_FW112b04 y versiones anteriores; DIR-865L DIR-865L_REVA_FIRM... • ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 1CVE-2018-6528
https://notcve.org/view.php?id=CVE-2018-6528
06 Mar 2018 — XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi. Vulnerabilidad de Cross-Site Scripting (XSS) en htdocs/webinc/body/bsc_sms_send.php en D-Link DIR-868L DIR868LA1_FW112b04 y versiones anteriores; DIR-865L DIR-865L_REVA_FIRMWARE_PATCH... • ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •