CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-19320
https://notcve.org/view.php?id=CVE-2020-19320
Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the curTime parameter on login. Vulnerabilidad de desbordamiento de búfer en DLINK 619L versión B 2.06beta a través del parámetro curTime al iniciar sesión. • https://github.com/hhhhu8045759/dlink-619l-buffer_overflow https://www.dlink.com/en/security-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-19323
https://notcve.org/view.php?id=CVE-2020-19323
An issue was discovered in /bin/mini_upnpd on D-Link DIR-619L 2.06beta devices. There is a heap buffer overflow allowing remote attackers to restart router via the M-search request ST parameter. No authentication required Se descubrió un problema en /bin/mini_upnpd en dispositivos D-Link DIR-619L 2.06beta. Hay un desbordamiento del búfer que permite a atacantes remotos reiniciar el router a través del parámetro ST de solicitud de búsqueda M. No se requiere autenticación • https://github.com/hhhhu8045759/619L_upnpd_heapoverflow https://www.dlink.com/en/security-bulletin • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-19319
https://notcve.org/view.php?id=CVE-2020-19319
Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the FILECODE parameter on login. Vulnerabilidad de desbordamiento de búfer en DLINK 619L versión B 2.06beta a través del parámetro FILECODE al iniciar sesión. • https://github.com/hhhhu8045759/dir_619l-buffer-overflow • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-19318
https://notcve.org/view.php?id=CVE-2020-19318
Buffer Overflow vulnerability in D-Link DIR-605L, hardware version AX, firmware version 1.17beta and below, allows authorized attackers execute arbitrary code via sending crafted data to the webserver service program. Vulnerabilidad de Desbordamiento de Búfer en D-Link DIR-605L, versión de hardware AX, versión de firmware 1.17beta e inferior, permite a atacantes autorizados ejecutar código arbitrario mediante el envío de datos manipulados al programa de servicio del servidor web. • https://github.com/hhhhu8045759/dir_605L-stack-overflow/blob/master/README.md • CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 1CVE-2023-4711 – D-Link DAR-8000-10 decodmail.php os command injection
https://notcve.org/view.php?id=CVE-2023-4711
A vulnerability, which was classified as critical, has been found in D-Link DAR-8000-10 up to 20230819. Affected by this issue is some unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to os command injection. The attack may be launched remotely. The complexity of an attack is rather high. • https://github.com/TinkAnet/cve/blob/main/rce.md https://vuldb.com/?ctiid.238574 https://vuldb.com/?id.238574 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •