CVSS: 9.8EPSS: 94%CPEs: 2EXPL: 2CVE-2023-4542 – D-Link DAR-8000-10 sys1.php os command injection
https://notcve.org/view.php?id=CVE-2023-4542
A vulnerability was found in D-Link DAR-8000-10 up to 20230809. It has been classified as critical. This affects an unknown part of the file /app/sys1.php. The manipulation of the argument cmd with the input id leads to os command injection. It is possible to initiate the attack remotely. • https://github.com/PumpkinBridge/CVE-2023-4542 https://github.com/PumpkinBridge/cve/blob/main/rce.md https://vuldb.com/?ctiid.238047 https://vuldb.com/?id.238047 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-39749
https://notcve.org/view.php?id=CVE-2023-39749
D-Link DAP-2660 v1.13 was discovered to contain a buffer overflow via the component /adv_resource. This vulnerability is exploited via a crafted GET request. • https://github.com/a101e-IoTvul/iotvul/blob/main/d-link/2/D-Link%20DAP-2660%20adv_resource.md https://www.dlink.com/en/security-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-39750
https://notcve.org/view.php?id=CVE-2023-39750
D-Link DAP-2660 v1.13 was discovered to contain a buffer overflow via the f_ipv6_enable parameter at /bsc_ipv6. This vulnerability is exploited via a crafted POST request. • https://github.com/a101e-IoTvul/iotvul/blob/main/d-link/1/D-Link%20DAP-2660%20bsc_ipv6.md https://www.dlink.com/en/security-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-39674
https://notcve.org/view.php?id=CVE-2023-39674
D-Link DIR-880 A1_FW107WWb08 was discovered to contain a buffer overflow via the function fgets. Se descubrió que D-Link DIR-880 A1_FW107WWb08 contiene un desbordamiento de búfer a través de la función fgets. • https://github.com/Davidteeri/Bug-Report/blob/main/D-Link/DIR880%20buffe%20overflow.md https://support.dlink.com https://www.dlink.com/en/security-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-39666
https://notcve.org/view.php?id=CVE-2023-39666
D-Link DIR-842 fw_revA_1-02_eu_multi_20151008 was discovered to contain multiple buffer overflows in the fgets function via the acStack_120 and acStack_220 parameters. Se descubrió que D-Link DIR-842 fw_revA_1-02_eu_multi_20151008 contiene múltiples desbordamientos de búfer en la función fgets a través de los parámetros acStack_120 y acStack_220. • https://github.com/Davidteeri/Bug-Report/blob/main/D-Link/DIR-842%20buffer%20overflow.md https://support.dlink.com https://www.dlink.com/en/security-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •