CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-37791
https://notcve.org/view.php?id=CVE-2023-37791
D-Link DIR-619L v2.04(TW) was discovered to contain a stack overflow via the curTime parameter at /goform/formLogin. • https://github.com/naihsin/IoT/tree/main/D-Link/DIR-619L/overflow https://www.dlink.com/en/security-bulletin • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-26616
https://notcve.org/view.php?id=CVE-2023-26616
D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the URL field in SetParentsControlInfo. • https://github.com/726232111/VulIoT/tree/main/D-Link/DIR823G%20V1.0.2B05/HNAP1/SetParentsControlInfo https://www.dlink.com/en/security-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-26613
https://notcve.org/view.php?id=CVE-2023-26613
An OS command injection vulnerability in D-Link DIR-823G firmware version 1.02B05 allows unauthorized attackers to execute arbitrary operating system commands via a crafted GET request to EXCU_SHELL. • https://github.com/726232111/VulIoT/tree/main/D-Link/DIR823G%20V1.0.2B05/excu_shell https://www.dlink.com/en/security-bulletin • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-26612
https://notcve.org/view.php?id=CVE-2023-26612
D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the HostName field in SetParentsControlInfo. • https://github.com/726232111/VulIoT/tree/main/D-Link/DIR823G%20V1.0.2B05/HNAP1/SetParentsControlInfo https://www.dlink.com/en/security-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-32222 – D-Link DSL-G256DG firmware version vBZ_1.00.27 Authentication Bypass
https://notcve.org/view.php?id=CVE-2023-32222
D-Link DSL-G256DG version vBZ_1.00.27 web management interface allows authentication bypass via an unspecified method. • https://www.gov.il/en/Departments/faq/cve_advisories • CWE-287: Improper Authentication •