CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-5874
https://notcve.org/view.php?id=CVE-2017-5874
CSRF exists on D-Link DIR-600M Rev. Cx devices before v3.05ENB01_beta_20170306. This can be used to bypass authentication and insert XSS sequences or possibly have unspecified other impact. CSRF existe en los dispositivos D-Link DIR-600M Rev. Cx en versiones anteriores a v3.05ENB01_beta_20170306. • http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10072 http://www.securityfocus.com/bid/96999 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 3CVE-2017-5633 – D-Link DI-524 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2017-5633
Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Link DI-524 Wireless Router with firmware 9.01 allow remote attackers to (1) change the admin password, (2) reboot the device, or (3) possibly have unspecified other impact via crafted requests to CGI programs. Múltiples vulnerabilidades de CSRF en el router wireless D-Link DI-524 con firmware 9.01 permiten a atacantes remotos (1) cambiar la contraseña de administrador, (2) reiniciar el dispositivo o (3) posiblemente tener otro impacto no especificado a través de peticiones manipuladas a programas CGI. • https://www.exploit-db.com/exploits/40983 https://github.com/cardangi/Exploit-CVE-2017-5633 http://seclists.org/fulldisclosure/2017/Feb/70 http://www.securityfocus.com/bid/96475 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 2%CPEs: 22EXPL: 0CVE-2016-5681
https://notcve.org/view.php?id=CVE-2016-5681
Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.07 before 2.07WWB05, DIR-817 Ax, DIR-818LW Bx before 2.05b03beta03, DIR-822 C1 3.01 before 3.01WWb02, DIR-823 A1 1.00 before 1.00WWb05, DIR-895L A1 1.11 before 1.11WWb04, DIR-890L A1 1.09 before 1.09b14, DIR-885L A1 1.11 before 1.11WWb07, DIR-880L A1 1.07 before 1.07WWb08, DIR-868L B1 2.03 before 2.03WWb01, and DIR-868L C1 3.00 before 3.00WWb01 devices allows remote attackers to execute arbitrary code via a long session cookie. Desbordamiento del búfer basado en pila en dws/api/Login en dispositivos D-Link DIR-850L B1 2.07 en versiones anteriores a 2.07WWB05, DIR-817 Ax, DIR-818LW Bx en versiones anteriores a 2.05b03beta03, DIR-822 C1 3.01 en versiones anteriores a 3.01WWb02, DIR-823 A1 1.00 en versiones anteriores a 1.00WWb05, DIR-895L A1 1.11 en versiones anteriores a 1.11WWb04, DIR-890L A1 1.09 en versiones anteriores a 1.09b14, DIR-885L A1 1.11 en versiones anteriores a 1.11WWb07, DIR-880L A1 1.07 en versiones anteriores a 1.07WWb08, DIR-868L B1 2.03 en versiones anteriores a 2.03WWb01 y DIR-868L C1 3.00 en versiones anteriores a 3.00WWb01 permite a atacantes remotos ejecutar código arbitrario a través de una sesión de cookie larga. • http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10063 http://www.kb.cert.org/vuls/id/332115 http://www.securityfocus.com/bid/92427 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0CVE-2016-1559
https://notcve.org/view.php?id=CVE-2016-1559
D-Link DAP-1353 H/W vers. B1 3.15 and earlier, D-Link DAP-2553 H/W ver. A1 1.31 and earlier, and D-Link DAP-3520 H/W ver. A1 1.16 and earlier reveal wireless passwords and administrative usernames and passwords over SNMP. D-Link DAP-1353 H/W vers. • http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html http://seclists.org/fulldisclosure/2016/Feb/112 http://www.dlink.com/mk/mk/support/support-news/2016/march/16/firmadyne-cve_2016_1558-cve_2016_1559 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 95%CPEs: 4EXPL: 3CVE-2015-7245 – D-Link DVGN5402SP - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-7245
Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage parameter. Vulnerabilidad de salto de directorio en DLink DVGN5402SP con firmware W1000CN00, W1000CN03 o W2000EN00 permite a atacantes remotos leer información sensible a través de un .. (punto punto) en el parámetro errorpage. D-Link DVG-N5402SP suffers from path traversal, weak credential management, and information leakage vulnerabilities. • https://www.exploit-db.com/exploits/39409 http://packetstormsecurity.com/files/135590/D-Link-DVG-N5402SP-Path-Traversal-Information-Disclosure.html http://seclists.org/fulldisclosure/2016/Feb/24 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •