CVSS: 5.3EPSS: 0%CPEs: 88EXPL: 1CVE-2024-0717 – D-Link Good Line Router v2 HTTP GET Request devinfo information disclosure
https://notcve.org/view.php?id=CVE-2024-0717
A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/999zzzzz/D-Link https://vuldb.com/?ctiid.251542 https://vuldb.com/?id.251542 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-24798
https://notcve.org/view.php?id=CVE-2023-24798
D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_475FB0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. • https://github.com/DrizzlingSun/D-link/blob/main/Dir878/2/2.md https://www.dlink.com/en/security-bulletin • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-24800
https://notcve.org/view.php?id=CVE-2023-24800
D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_495220 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. • https://github.com/DrizzlingSun/D-link/blob/main/Dir878/3/3.md https://www.dlink.com/en/security-bulletin • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-24799
https://notcve.org/view.php?id=CVE-2023-24799
D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_48AF78 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. • https://github.com/DrizzlingSun/D-link/blob/main/Dir878/1/1.md https://www.dlink.com/en/security-bulletin • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-41140 – D-Link Multiple Routers lighttpd Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-41140
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple D-Link routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the lighttpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. • https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10291 https://www.zerodayinitiative.com/advisories/ZDI-22-1290 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •