CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-43645 – D-Link DIR-825/EE xupnpd IVI Plugin Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-43645
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IVI plugin for the xupnpd service, which listens on TCP port 4044. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the admin user. • https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10319 https://www.zerodayinitiative.com/advisories/ZDI-22-1704 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-43642 – D-Link DIR-825/EE xupnpd YouTube Plugin Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-43642
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the YouTube plugin for the xupnpd service, which listens on TCP port 4044. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the admin user. • https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10319 https://www.zerodayinitiative.com/advisories/ZDI-22-1701 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 8%CPEs: 7EXPL: 1CVE-2020-29557 – D-Link DIR-825 R1 Devices Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2020-29557
An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overflow in the web interface allows attackers to achieve pre-authentication remote code execution. Se detectó un problema en los dispositivos D-Link DIR-825 R1 versiones hasta 3.0.1 antes del 20-11-2020. Un desbordamiento del búfer en la interfaz web permite a atacantes lograr una ejecución de código remota antes de la autenticación D-Link DIR-825 R1 devices contain a buffer overflow vulnerability in the web interface that may allow for remote code execution. • https://shaqed.github.io/dlink https://www.dlink.ru/ru/download2/5/19/2354/441 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-13263
https://notcve.org/view.php?id=CVE-2019-13263
D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. A DHCP Request is sent to the router with a certain Transaction ID field. Following the DHCP protocol, the router responds with an ACK or NAK message. Studying the NAK case revealed that the router erroneously sends the NAK to both Host and Guest networks with the same Transaction ID as found in the DHCP Request. This allows encoding of data to be sent cross-router into the 32-bit Transaction ID field. • https://orenlab.sise.bgu.ac.il/publications/CrossRouter https://www.usenix.org/system/files/woot19-paper_ovadia.pdf • CWE-669: Incorrect Resource Transfer Between Spheres •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-13264
https://notcve.org/view.php?id=CVE-2019-13264
D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. In order to transfer data from the host network to the guest network, the sender joins and then leaves an IGMP group. After it leaves, the router (following the IGMP protocol) creates an IGMP Membership Query packet with the Group IP and sends it to both the Host and the Guest networks. The data is transferred within the Group IP field, which is completely controlled by the sender. Los dispositivos D-link DIR-825AC G1 poseen una Compartimentación Insuficiente entre una red host y una red invitada que es establecida por el mismo dispositivo. • https://orenlab.sise.bgu.ac.il/publications/CrossRouter https://www.usenix.org/system/files/woot19-paper_ovadia.pdf •