CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2021-33270
https://notcve.org/view.php?id=CVE-2021-33270
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_800462c4 in /formAdvFirewall. This vulnerability is triggered via a crafted POST request. Se ha detectado que los dispositivos D-Link DIR-809 con versión de firmware hasta DIR-809Ax_FW1.12WB03_20190410, contienen una vulnerabilidad de desbordamiento del búfer de la pila en la función FUN_800462c4 en /formAdvFirewall. Esta vulnerabilidad es desencadenada por medio de una petición POST diseñada • https://github.com/Lnkvct/IoT-poc/tree/master/D-Link-DIR809/vuln06 https://www.dlink.com/en/security-bulletin • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2021-33271
https://notcve.org/view.php?id=CVE-2021-33271
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function sub_80046EB4 in /formSetPortTr. This vulnerability is triggered via a crafted POST request. Se ha detectado que los dispositivos D-Link DIR-809 con versión de firmware hasta DIR-809Ax_FW1.12WB03_20190410, contienen una vulnerabilidad de desbordamiento del búfer de la pila en la función sub_80046EB4 en /formSetPortTr. Esta vulnerabilidad es desencadenada por medio de una petición POST diseñada • https://github.com/Lnkvct/IoT-poc/tree/master/D-Link-DIR809/vuln11 https://www.dlink.com/en/security-bulletin • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2021-33274
https://notcve.org/view.php?id=CVE-2021-33274
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80040af8 in /formWlanSetup. This vulnerability is triggered via a crafted POST request. Se ha detectado que los dispositivos D-Link DIR-809 con versión de firmware hasta DIR-809Ax_FW1.12WB03_20190410, contienen una vulnerabilidad de desbordamiento del búfer de la pila en la función FUN_80040af8 en /formWlanSetup. Esta vulnerabilidad es desencadenada por medio de una petición POST diseñada • https://github.com/Lnkvct/IoT-poc/tree/master/D-Link-DIR809/vuln07 https://www.dlink.com/en/security-bulletin • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 96%CPEs: 62EXPL: 1CVE-2014-8361 – Realtek SDK Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2014-8361
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023. El servicio miniigd SOAP en Realtek SDK permite a atacantes remotos ejecutar código arbitrario a través de una solicitud NewInternalClient manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Realtek SDK. Authentication is not required to exploit this vulnerability. The specific flaw exists within the miniigd SOAP service. The issue lies in the handling of the NewInternalClient requests due to a failure to sanitize user data before executing a system call. • https://www.exploit-db.com/exploits/37169 http://jvn.jp/en/jp/JVN47580234/index.html http://jvn.jp/en/jp/JVN67456944/index.html http://packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.html http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055 http://www.securityfocus.com/bid/74330 http://www.zerodayinitiative.com/advisories/ZDI-15-155 https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos https://web.archive.org/web/20150909230440/ •