Page 2 of 8 results (0.003 seconds)

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1

An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to get sensitive information (such as MAC address) about all clients in the WLAN via the GetClientInfo HNAP API. Consequently, an attacker can achieve information disclosure without authentication. Se ha descubierto un problema en /bin/goahead en dispositivos D-Link DIR-823G con firmware en su versión 1.02B03. Hay un control de acceso incorrecto, lo que permite que los atacantes remotos obtengan información sensible (como la dirección MAC) sobre todos los clientes en el WLAN mediante la API HNAP GetClientInfo. • http://www.securityfocus.com/bid/106852 https://github.com/leonW7/D-Link/blob/master/Vul_3.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.3EPSS: 71%CPEs: 2EXPL: 1

An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body, such as a body of ' /bin/telnetd' for the GetDeviceSettingsset API function. Consequently, an attacker can execute any command remotely when they control this input. Se ha descubierto un problema en dispositivos D-Link DIR-823G con versiones de firmware hasta la 1.02B03. • http://www.securityfocus.com/bid/106814 https://github.com/leonW7/D-Link/blob/master/Vul_2.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 10.0EPSS: 73%CPEs: 2EXPL: 1

An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via shell metacharacters in a crafted /HNAP1 request. This occurs when the GetNetworkTomographyResult function calls the system function with an untrusted input parameter named Address. Consequently, an attacker can execute any command remotely when they control this input. Se ha descubierto un problema en dispositivos D-Link DIR-823G con firmware hasta la versión 1.02B03. • http://www.securityfocus.com/bid/106815 https://github.com/leonW7/D-Link/blob/master/Vul_1.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •