CVSS: 8.5EPSS: 7%CPEs: 1EXPL: 0CVE-2023-44412 – D-Link D-View addDv7Probe XML External Entity Processing Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-44412
04 Oct 2023 — D-Link D-View addDv7Probe XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the addDv7Probe function. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back... • https://www.zerodayinitiative.com/advisories/ZDI-23-1510 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.9EPSS: 1%CPEs: 1EXPL: 0CVE-2023-44413 – D-Link D-View shutdown_coreserver Missing Authentication Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-44413
04 Oct 2023 — D-Link D-View shutdown_coreserver Missing Authentication Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the shutdown_coreserver action. The issue results from the lack of authentication prior to allowing access to functionality. • https://www.zerodayinitiative.com/advisories/ZDI-23-1511 • CWE-306: Missing Authentication for Critical Function •
CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 0CVE-2023-44414 – D-Link D-View coreservice_action_script Exposed Dangerous Function Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-44414
04 Oct 2023 — D-Link D-View coreservice_action_script Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the coreservice_action_script action. The issue results from the exposure of a dangerous function. • https://www.zerodayinitiative.com/advisories/ZDI-23-1512 • CWE-749: Exposed Dangerous Method or Function •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44422 – D-Link DIR-X3260 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-44422
04 Oct 2023 — D-Link DIR-X3260 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the prog.cgi program, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The is... • https://www.zerodayinitiative.com/advisories/ZDI-23-1520 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44424 – D-Link DIR-X3260 SetSysEmailSettings EmailTo Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-44424
04 Oct 2023 — D-Link DIR-X3260 SetSysEmailSettings EmailTo Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within prog.cgi, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results fr... • https://www.zerodayinitiative.com/advisories/ZDI-23-1522 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2023-41194 – D-Link DAP-1325 HNAP SetAPLanSettings SubnetMask Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-41194
07 Sep 2023 — D-Link DAP-1325 HNAP SetAPLanSettings SubnetMask Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of a request parameter provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a ... • https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10351 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2023-41200 – D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticPrefixLength Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-41200
07 Sep 2023 — D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticPrefixLength Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of a request parameter provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of a user-supplied string before using... • https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10351 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2023-41206 – D-Link DAP-1325 SetHostIPv6Settings IPv6Mode Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-41206
07 Sep 2023 — D-Link DAP-1325 SetHostIPv6Settings IPv6Mode Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a... • https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10351 • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2023-41207 – D-Link DAP-1325 SetHostIPv6StaticSettings StaticAddress Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-41207
07 Sep 2023 — D-Link DAP-1325 SetHostIPv6StaticSettings StaticAddress Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copy... • https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10351 • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2023-41212 – D-Link DAP-1325 SetTriggerAPValidate Key Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-41212
07 Sep 2023 — D-Link DAP-1325 SetTriggerAPValidate Key Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fix... • https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10351 • CWE-121: Stack-based Buffer Overflow •