CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-43200
https://notcve.org/view.php?id=CVE-2023-43200
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the id parameter in the yyxz.data function. Se descubrió que el dispositivo D-Link DI-7200GV2.E1 v21.04.09E1 contenía un desbordamiento de memoria a través del parámetro id en la función yyxz.data. • https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug3.md • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-43202
https://notcve.org/view.php?id=CVE-2023-43202
D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function pcap_download_handler. This vulnerability allows attackers to execute arbitrary commands via the update.device.packet-capture.tftp-file-name parameter. Se descubrió que D-LINK DWL-6610 FW_v_4.3.0.8B003C contiene una vulnerabilidad de inyección de comandos en la función pcap_download_handler. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios a través del parámetro update.device.packet-capture.tftp-file-name. • https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug4.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-43203
https://notcve.org/view.php?id=CVE-2023-43203
D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a stack overflow vulnerability in the function update_users. Se descubrió que D-LINK DWL-6610 FW_v_4.3.0.8B003C contiene una vulnerabilidad de Desbordamiento del Búfer en la función update_users. • https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug1.md • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2023-39638
https://notcve.org/view.php?id=CVE-2023-39638
D-LINK DIR-859 A1 1.05 and A1 1.06B01 Beta01 was discovered to contain a command injection vulnerability via the lxmldbc_system function at /htdocs/cgibin. Se descubrió que D-LINK DIR-859 A1 1.05 y A1 1.06B01 Beta01 contiene una vulnerabilidad de inyección de comandos a través de la función lxmldbc_system en /htdocs/cgibin. • http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-859 https://github.com/mmmmmx1/dlink/blob/main/dir-859/readme.md https://www.dlink.com/en/security-bulletin • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-39637
https://notcve.org/view.php?id=CVE-2023-39637
D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injection vulnerability via the component /goform/Diagnosis. Se descubrió que D-Link DIR-816 A2 1.10 B05 contiene una vulnerabilidad de inyección de comandos a través del componente /goform/Diagnosis. • http://d-link.com http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-816 https://github.com/mmmmmx1/dlink/blob/main/DIR-816/readme.md https://www.dlink.com/en/security-bulletin • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •