CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2024-22853
https://notcve.org/view.php?id=CVE-2024-22853
D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, which allows remote attackers to obtain root access via a telnet session. D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 tiene una contraseña codificada para la cuenta Alphanetworks, que permite a atacantes remotos obtener acceso root a través de una sesión de telnet. • https://github.com/FaLLenSKiLL1/CVE-2024-22853 https://github.com/Beckaf/vunl/blob/main/D-Link/AC750/2/2.md https://www.dlink.com/en/security-bulletin • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-22852
https://notcve.org/view.php?id=CVE-2024-22852
D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to enable telnet service via a specially crafted payload. D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contiene un desbordamiento de búfer en la región stack de la memoria a través de la función genacgi_main. Esta vulnerabilidad permite a los atacantes habilitar el servicio telnet a través de un payload especialmente manipulado. • https://github.com/Beckaf/vunl/blob/main/D-Link/AC750/1/1.md https://www.dlink.com/en/security-bulletin • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-0921 – D-Link DIR-816 A2 Web Interface setDeviceSettings os command injection
https://notcve.org/view.php?id=CVE-2024-0921
A vulnerability has been found in D-Link DIR-816 A2 1.10CNB04 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/setDeviceSettings of the component Web Interface. The manipulation of the argument statuscheckpppoeuser leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/xiyuanhuaigu/cve/blob/main/rce.md https://vuldb.com/?ctiid.252139 https://vuldb.com/?id.252139 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-23625 – D-Link DAP-1650 SUBSCRIBE Callback Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-23625
A command injection vulnerability exists in D-Link DAP-1650 devices when handling UPnP SUBSCRIBE messages. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root. Existe una vulnerabilidad de inyección de comandos en los dispositivos D-Link DAP-1650 al manejar mensajes de SUBSCRIBE UPnP. Un atacante no autenticado puede aprovechar esta vulnerabilidad para obtener la ejecución de comandos en el dispositivo como root. • https://blog.exodusintel.com/2024/01/25/d-link-dap-1650-subscribe-callback-command-injection-vulnerability • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-23624 – D-Link DAP-1650 gena.cgi SUBSCRIBE Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-23624
A command injection vulnerability exists in the gena.cgi module of D-Link DAP-1650 devices. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root. Existe una vulnerabilidad de inyección de comandos en el módulo gena.cgi de los dispositivos D-Link DAP-1650. Un atacante no autenticado puede aprovechar esta vulnerabilidad para obtener la ejecución de comandos en el dispositivo como root. • https://blog.exodusintel.com/2024/01/25/d-link-dap-1650-gena-cgi-subscribe-command-injection-vulnerability • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •