CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-43474
https://notcve.org/view.php?id=CVE-2021-43474
An Access Control vulnerability exists in D-Link DIR-823G REVA1 1.02B05 (Lastest) via any parameter in the HNAP1 function Se presenta una vulnerabilidad de Control de Acceso en D-Link DIR-823G REVA1 versión 1.02B05 (Lastest) por medio de cualquier parámetro en la función HNAP1 • https://github.com/sek1th/iot/blob/master/dir-823g_all.md https://www.dlink.com/en/security-bulletin • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 7%CPEs: 2EXPL: 1CVE-2020-25368
https://notcve.org/view.php?id=CVE-2020-25368
A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the PrivateLogin field to Login. Se ha detectado una vulnerabilidad de inyección de comandos en el protocolo HNAP1 de los dispositivos D-Link DIR-823G con firmware V1.0.2B05. Un atacante puede ejecutar scripts web arbitrarios por medio de metacaracteres de shell en el campo PrivateLogin para iniciar sesión • http://d-link.com https://github.com/sek1th/iot/blob/master/dir-823g_2.md https://www.dlink.com/en/security-bulletin • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 1CVE-2020-25366
https://notcve.org/view.php?id=CVE-2020-25366
An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attackers to cause a denial of service (DoS) via unspecified vectors. Un problema en el componente /cgi-bin/upload_firmware.cgi de D-Link DIR-823G REVA1 versión 1.02B05 permite a atacantes causar una denegación de servicio (DoS) por medio de vectores no especificados • http://d-link.com https://github.com/sek1th/iot/blob/master/dir823g_upfw_dos.md https://www.dlink.com/en/security-bulletin • CWE-862: Missing Authorization •
CVSS: 9.3EPSS: 71%CPEs: 2EXPL: 1CVE-2019-7298
https://notcve.org/view.php?id=CVE-2019-7298
An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body, such as a body of ' /bin/telnetd' for the GetDeviceSettingsset API function. Consequently, an attacker can execute any command remotely when they control this input. Se ha descubierto un problema en dispositivos D-Link DIR-823G con versiones de firmware hasta la 1.02B03. • http://www.securityfocus.com/bid/106814 https://github.com/leonW7/D-Link/blob/master/Vul_2.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 73%CPEs: 2EXPL: 1CVE-2019-7297
https://notcve.org/view.php?id=CVE-2019-7297
An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via shell metacharacters in a crafted /HNAP1 request. This occurs when the GetNetworkTomographyResult function calls the system function with an untrusted input parameter named Address. Consequently, an attacker can execute any command remotely when they control this input. Se ha descubierto un problema en dispositivos D-Link DIR-823G con firmware hasta la versión 1.02B03. • http://www.securityfocus.com/bid/106815 https://github.com/leonW7/D-Link/blob/master/Vul_1.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •