
CVE-2024-7832 – D-Link DNS-1550-04 photocenter_mgr.cgi cgi_get_fullscreen_photos buffer overflow
https://notcve.org/view.php?id=CVE-2024-7832
15 Aug 2024 — A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by this issue is the function cgi_get_fullscreen_photos of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument user leads to buffer overflow. The attack may be launched remotely. The exploit has been d... • https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_get_fullscreen_photos.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2024-7831 – D-Link DNS-1550-04 photocenter_mgr.cgi cgi_get_cooliris buffer overflow
https://notcve.org/view.php?id=CVE-2024-7831
15 Aug 2024 — A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by this vulnerability is the function cgi_get_cooliris of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument path leads to buffer overflow. The attack can be launched remotely. The exploit has be... • https://vuldb.com/?id.274729 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2024-7830 – D-Link DNS-1550-04 photocenter_mgr.cgi cgi_move_photo buffer overflow
https://notcve.org/view.php?id=CVE-2024-7830
15 Aug 2024 — A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. Affected is the function cgi_move_photo of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument photo_name leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been dis... • https://vuldb.com/?id.274728 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2024-7829 – D-Link DNS-1550-04 photocenter_mgr.cgi cgi_del_photo buffer overflow
https://notcve.org/view.php?id=CVE-2024-7829
15 Aug 2024 — A vulnerability, which was classified as critical, has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. This issue affects the function cgi_del_photo of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument current_path leads to buffer overflow. The attack may be initiated remotely. The exploit has bee... • https://vuldb.com/?id.274727 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2024-7828 – D-Link DNS-1550-04 photocenter_mgr.cgi cgi_set_cover buffer overflow
https://notcve.org/view.php?id=CVE-2024-7828
15 Aug 2024 — A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. This vulnerability affects the function cgi_set_cover of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument album_name leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed... • https://vuldb.com/?id.274726 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2024-7715 – D-Link DNS-1550-04 photocenter_mgr.cgi sprintf command injection
https://notcve.org/view.php?id=CVE-2024-7715
13 Aug 2024 — A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240812. It has been classified as critical. This affects the function sprintf of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument filter leads to command injection. It is possible to initiate the attack remotely. • https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_photo_search.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2024-41616
https://notcve.org/view.php?id=CVE-2024-41616
06 Aug 2024 — D-Link DIR-300 REVA FIRMWARE v1.06B05_WW contains hardcoded credentials in the Telnet service. • https://github.com/LYaoBoL/IOTsec/blob/main/D-Link/DIR300/CVE-2024-41616 • CWE-259: Use of Hard-coded Password •

CVE-2024-41610
https://notcve.org/view.php?id=CVE-2024-41610
30 Jul 2024 — D-Link DIR-820LW REVB FIRMWARE PATCH 2.03.B01_TC contains hardcoded credentials in the Telnet service, enabling attackers to log in remotely to the Telnet service and perform arbitrary commands. • https://github.com/Nop3z/CVE/blob/main/dlink/dir-820/Dlink-820LW-hardcoded-vulnerability.md • CWE-798: Use of Hard-coded Credentials •

CVE-2024-41611
https://notcve.org/view.php?id=CVE-2024-41611
30 Jul 2024 — In D-Link DIR-860L REVA FIRMWARE PATCH 1.10..B04, the Telnet service contains hardcoded credentials, enabling attackers to log in remotely to the Telnet service and perform arbitrary commands. • https://github.com/Nop3z/CVE/blob/main/dlink/dir-820/Dlink-860L-hardcoded-vulnerability.md • CWE-798: Use of Hard-coded Credentials •

CVE-2024-38438 – D-Link - CWE-294: Authentication Bypass by Capture-replay
https://notcve.org/view.php?id=CVE-2024-38438
21 Jul 2024 — D-Link - CWE-294: Authentication Bypass by Capture-replay • https://www.gov.il/en/Departments/faq/cve_advisories • CWE-294: Authentication Bypass by Capture-replay •