CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-43206
https://notcve.org/view.php?id=CVE-2023-43206
D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function web_cert_download_handler. This vulnerability allows attackers to execute arbitrary commands via the certDownload parameter. Se descubrió que D-LINK DWL-6610 FW_v_4.3.0.8B003C contiene una vulnerabilidad de inyección de comandos en la función web_cert_download_handler. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios a través del parámetro certDownload. • https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug6.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-43204
https://notcve.org/view.php?id=CVE-2023-43204
D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function sub_2EF50. This vulnerability allows attackers to execute arbitrary commands via the manual-time-string parameter. Se descubrió que D-LINK DWL-6610 FW_v_4.3.0.8B003C contiene una vulnerabilidad de inyección de comando en la función sub_2EF50. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios a través del parámetro manual-time-string. • https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug2.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-43207
https://notcve.org/view.php?id=CVE-2023-43207
D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function config_upload_handler. This vulnerability allows attackers to execute arbitrary commands via the configRestore parameter. Se descubrió que D-LINK DWL-6610 FW_v_4.3.0.8B003C contiene una vulnerabilidad de inyección de comandos en la función config_upload_handler. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios a través del parámetro configRestore. • https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug3.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-43202
https://notcve.org/view.php?id=CVE-2023-43202
D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function pcap_download_handler. This vulnerability allows attackers to execute arbitrary commands via the update.device.packet-capture.tftp-file-name parameter. Se descubrió que D-LINK DWL-6610 FW_v_4.3.0.8B003C contiene una vulnerabilidad de inyección de comandos en la función pcap_download_handler. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios a través del parámetro update.device.packet-capture.tftp-file-name. • https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug4.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-43203
https://notcve.org/view.php?id=CVE-2023-43203
D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a stack overflow vulnerability in the function update_users. Se descubrió que D-LINK DWL-6610 FW_v_4.3.0.8B003C contiene una vulnerabilidad de Desbordamiento del Búfer en la función update_users. • https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug1.md • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •