8 results (0.027 seconds)

CVSS: 5.3EPSS: 0%CPEs: 88EXPL: 1

A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/999zzzzz/D-Link https://vuldb.com/?ctiid.251542 https://vuldb.com/?id.251542 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1

D-Link DIR-882 1.10B02 and1.20B06 is vulnerable to Buffer Overflow via the websRedirect function. D-Link DIR-882 1.10B02 y 1.20B06 es vulnerable al desbordamiento del búfer a través de la función websRedirect. • https://github.com/RobinWang825/IoT_vuln/tree/main/D-Link/DIR-882/2 https://www.dlink.com/en/security-bulletin • CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1

D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow via webGetVarString. D-Link DIR-882 1.10B02 y 1.20B06 es vulnerable al desbordamiento del búfer a través de webGetVarString. • https://github.com/RobinWang825/IoT_vuln/tree/main/D-Link/DIR-882/5 https://www.dlink.com/en/security-bulletin • CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1

D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow. D-Link DIR-882 1.10B02 y 1.20B06 es vulnerable al desbordamiento del búfer. • https://github.com/RobinWang825/IoT_vuln/tree/main/D-Link/DIR-882/4 https://www.dlink.com/en/security-bulletin • CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 59EXPL: 1

A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root. Una vulnerabilidad de inyección de comandos en el binario de protesta permite a un atacante con acceso a la interfaz de línea de comandos remota ejecutar comandos arbitrarios como root • https://www.tenable.com/security/research/tra-2022-09 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •