CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-4964 – D-Link DAR-7000-40 urlblist.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-4964
16 May 2024 — A vulnerability has been found in D-Link DAR-7000-40 V31R02B1413C and classified as critical. This vulnerability affects unknown code of the file /firewall/urlblist.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/%3CWHB%7Cj%5CIbSU0m4%3A_/D-LINK-DAR-7000_upload_%20urlblist.php.pdf • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-4962 – D-Link DAR-7000-40 resmanage.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-4962
16 May 2024 — A vulnerability, which was classified as critical, has been found in D-Link DAR-7000-40 V31R02B1413C. Affected by this issue is some unknown functionality of the file /useratte/resmanage.php. The manipulation of the argument file leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/%3CWHB%7Cj%5CIbSU0m4%3A_/D-LINK-DAR-7000_upload_%20resmanage.php.pdf • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33110
https://notcve.org/view.php?id=CVE-2024-33110
06 May 2024 — D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Permission Bypass via the getcfg.php component. El enrutador D-Link DIR-845L v1.01KRb03 y anteriores es vulnerable a la omisión de permiso a través del componente getcfg.php. • https://github.com/yj94/Yj_learning/blob/main/Week16/D-LINK-POC.md • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 12%CPEs: 1EXPL: 0CVE-2024-33112
https://notcve.org/view.php?id=CVE-2024-33112
06 May 2024 — D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Command injection via the hnap_main()func. El enrutador D-Link DIR-845L v1.01KRb03 y anteriores es vulnerable a la inyección de comandos a través de la función hnap_main(). • https://github.com/yj94/Yj_learning/blob/main/Week16/D-LINK-POC.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3EPSS: 25%CPEs: 1EXPL: 2CVE-2024-33113
https://notcve.org/view.php?id=CVE-2024-33113
06 May 2024 — D-LINK DIR-845L <=v1.01KRb03 is vulnerable to Information disclosurey via bsc_sms_inbox.php. D-LINK DIR-845L <=v1.01KRb03 es vulnerable a la divulgación de información a través de bsc_sms_inbox.php. • https://github.com/FaLLenSKiLL1/CVE-2024-33113 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33345
https://notcve.org/view.php?id=CVE-2024-33345
29 Apr 2024 — D-Link DIR-823G A1V1.0.2B05 was found to contain a Null-pointer dereference in the main function of upload_firmware.cgi, which allows remote attackers to cause a Denial of Service (DoS) via a crafted input. Se descubrió que D-Link DIR-823G A1V1.0.2B05 contenía una desreferencia de puntero nulo en la función principal de upload_firmware.cgi, lo que permite a atacantes remotos provocar una denegación de servicio (DoS) a través de una entrada manipulada. • http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-823G • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33342
https://notcve.org/view.php?id=CVE-2024-33342
26 Apr 2024 — D-Link DIR-822+ V1.0.5 was found to contain a command injection in SetPlcNetworkpwd function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell. Se descubrió que D-Link DIR-822+ V1.0.5 contenía una inyección de comando en la función SetPlcNetworkpwd de prog.cgi, que permite a atacantes remotos ejecutar comandos arbitrarios a través del shell. • http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-822%2B • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2024-33344
https://notcve.org/view.php?id=CVE-2024-33344
26 Apr 2024 — D-Link DIR-822+ V1.0.5 was found to contain a command injection in ftext function of upload_firmware.cgi, which allows remote attackers to execute arbitrary commands via shell. Se descubrió que D-Link DIR-822+ V1.0.5 contiene una inyección de comando en la función ftext de upload_firmware.cgi, que permite a atacantes remotos ejecutar comandos arbitrarios a través de shell. • http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-822%2B • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.3EPSS: 5%CPEs: 3EXPL: 1CVE-2024-3274 – D-Link DNS-320L/DNS-320LW/DNS-327L HTTP GET Request info.cgi information disclosure
https://notcve.org/view.php?id=CVE-2024-3274
04 Apr 2024 — A vulnerability has been found in D-Link DNS-320L, DNS-320LW and DNS-327L up to 20240403 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/info.cgi of the component HTTP GET Request Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/netsecfish/info_cgi • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1786 – D-Link DIR-600M C1 Telnet Service buffer overflow
https://notcve.org/view.php?id=CVE-2024-1786
23 Feb 2024 — A vulnerability, which was classified as critical, has been found in D-Link DIR-600M C1 3.08. Affected by this issue is some unknown functionality of the component Telnet Service. The manipulation of the argument username leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://gist.github.com/dmknght/269d90e17713bbd34e48c50f5c5284a2 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •