CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-45696 – D-Link WiFi router - Hidden Functionality
https://notcve.org/view.php?id=CVE-2024-45696
16 Sep 2024 — Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the telnet service and log in using hard-coded credentials. The telnet service enabled through this method can only be accessed from within the same local network as the device. • https://www.twcert.org.tw/tw/cp-132-8086-93ed5-1.html • CWE-912: Hidden Functionality •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45695 – D-Link WiFi router - Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2024-45695
16 Sep 2024 — The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device. • https://www.twcert.org.tw/tw/cp-132-8082-f1687-1.html • CWE-121: Stack-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2024-45694 – D-Link WiFi router - Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2024-45694
16 Sep 2024 — The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device. • https://www.twcert.org.tw/tw/cp-132-8080-7f494-1.html • CWE-121: Stack-based Buffer Overflow •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 0CVE-2024-44410
https://notcve.org/view.php?id=CVE-2024-44410
09 Sep 2024 — D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function. • https://github.com/LYaoBoL/IOTsec/blob/main/D-Link/DI-8300A1/CVE-2024-44410 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2024-44411
https://notcve.org/view.php?id=CVE-2024-44411
09 Sep 2024 — D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the msp_info_htm function. • https://github.com/LYaoBoL/IOTsec/blob/main/D-Link/DI-8300A1/CVE-2024-44411 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 7%CPEs: 2EXPL: 0CVE-2024-44400
https://notcve.org/view.php?id=CVE-2024-44400
04 Sep 2024 — D-Link DI-8400 16.07.26A1 is vulnerable to Command Injection via upgrade_filter_asp. A vulnerability was discovered in DI_8400-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the path parameter can lead to command injection. • https://github.com/lonelylonglong/openfile-/blob/main/D-link_DI_8400-16.07.26A1_Command_Injection.md/D-link_DI_8400-16.07.26A1_Command_Injection.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45623
https://notcve.org/view.php?id=CVE-2024-45623
02 Sep 2024 — D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the ATP binary that handles PHP HTTP GET requests for the Apache HTTP Server (httpd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer. • https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10406 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 40EXPL: 1CVE-2024-8130 – D-Link DNS-1550-04 HTTP POST Request s3.cgi cgi_s3 command injection
https://notcve.org/view.php?id=CVE-2024-8130
24 Aug 2024 — A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by this vulnerability is the function cgi_s3 of the file /cgi-bin/s3.cgi of the component HTTP POST Request Handler. The manipulation of the argument f_a_key leads to command injection. The attack can be launched rem... • https://vuldb.com/?id.275701 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7833 – D-Link DI-8100 upgrade_filter.asp upgrade_filter_asp command injection
https://notcve.org/view.php?id=CVE-2024-7833
15 Aug 2024 — A vulnerability was found in D-Link DI-8100 16.07. It has been classified as critical. This affects the function upgrade_filter_asp of the file upgrade_filter.asp. The manipulation of the argument path leads to command injection. It is possible to initiate the attack remotely. • https://github.com/aLtEr6/pdf/blob/main/3.pdf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7436 – D-Link DI-8100 msp_info.htm msp_info_htm command injection
https://notcve.org/view.php?id=CVE-2024-7436
03 Aug 2024 — A vulnerability, which was classified as critical, has been found in D-Link DI-8100 16.07. This issue affects the function msp_info_htm of the file msp_info.htm. The manipulation of the argument cmd leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/aLtEr6/pdf/blob/main/2.pdf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •