
CVE-2023-30063
https://notcve.org/view.php?id=CVE-2023-30063
01 May 2023 — D-Link DIR-890L FW1.10 A1 is vulnerable to Authentication bypass. • https://github.com/Zarathustra-L/IoT_Vul/tree/main/D-Link/DIR-890L/Auth%20bypass • CWE-287: Improper Authentication •

CVE-2022-29778
https://notcve.org/view.php?id=CVE-2022-29778
03 Jun 2022 — D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-On-Lan for the parameter 'descriptor' at SetVirtualServerSettings.php. • https://github.com/TyeYeah/DIR-890L-1.20-RCE • CWE-798: Use of Hard-coded Credentials •

CVE-2022-30521
https://notcve.org/view.php?id=CVE-2022-30521
27 May 2022 — The LAN-side web configuration interface has a stack-based buffer overflow vulnerability in the D-Link Wi-Fi router firmware DIR-890L DIR890LA1_FW107b09.bin and previous versions. The function at 0x17958 of /htdocs/cgibin calls sprintf without checking the length of strings in parameters taken from the HTTP header, which users can easily control. Attackers can exploit the vulnerability to execute arbitrary code by sending a specially constructed payload to port 49152. • https://github.com/winmt/CVE/blob/main/DIR-890L/README.md • CWE-787: Out-of-bounds Write •

CVE-2019-20213
https://notcve.org/view.php?id=CVE-2019-20213
02 Jan 2020 — D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php. • https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') • CWE-863: Incorrect Authorization •

CVE-2019-17621 – D-Link DIR-859 Router Command Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-17621
30 Dec 2019 — The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network. • https://packetstorm.news/files/id/156054 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2018-12103 – D-Link DIR-890L A2 Improper Access Control
https://notcve.org/view.php?id=CVE-2018-12103
02 Jul 2018 — An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with firmware 1.21B03beta01 and earlier, and DIR-895L/R with firmware 1.21B04beta04 and earlier devices (all hardware revisions). Due to the predictability of the /docs/captcha_(number).jpeg URI, being local to the network, but unauthenticated to the administrator's panel, an attacker can disclose the CAPTCHAs used by the access point and can elect to load the CAPTCHA of their choosing, leading to unauthorized log... • http://seclists.org/fulldisclosure/2018/Jul/13 • CWE-863: Incorrect Authorization •

CVE-2016-5681
https://notcve.org/view.php?id=CVE-2016-5681
25 Aug 2016 — Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.07 before 2.07WWB05, DIR-817 Ax, DIR-818LW Bx before 2.05b03beta03, DIR-822 C1 3.01 before 3.01WWb02, DIR-823 A1 1.00 before 1.00WWb05, DIR-895L A1 1.11 before 1.11WWb04, DIR-890L A1 1.09 before 1.09b14, DIR-885L A1 1.11 before 1.11WWb07, DIR-880L A1 1.07 before 1.07WWb08, DIR-868L B1 2.03 before 2.03WWb01, and DIR-868L C1 3.00 before 3.00WWb01 devices allows remote attackers to execute arbitrary code via a long session cookie. • http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10063 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •