CVE-2023-32224 – D-Link DSL-224 firmware version 3.0.10 CWE-307: Improper Restriction of Excessive Authentication Attempts
https://notcve.org/view.php?id=CVE-2023-32224
D-Link DSL-224 firmware version 3.0.10 CWE-307: Improper Restriction of Excessive Authentication Attempts • https://www.gov.il/en/Departments/faq/cve_advisories • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVE-2023-26615
https://notcve.org/view.php?id=CVE-2023-26615
D-Link DIR-823G firmware version 1.02B05 has a password reset vulnerability, which originates from the SetMultipleActions API, allowing unauthorized attackers to reset the web page management password. • https://github.com/726232111/VulIoT/tree/main/D-Link/DIR823G%20V1.0.2B05/HNAP1 https://github.com/726232111/VulIoT/tree/main/D-Link/DIR823G%20V1.0.2B05/HNAP1/SetMultipleActions • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVE-2023-32223 – D-Link DSL-224 firmware version 3.0.10 post authentication command execution
https://notcve.org/view.php?id=CVE-2023-32223
D-Link DSL-224 firmware version 3.0.10 allows post authentication command execution via an unspecified method. • https://www.gov.il/en/Departments/faq/cve_advisories •
CVE-2023-34800
https://notcve.org/view.php?id=CVE-2023-34800
D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at genacgi_main. • https://github.com/Tyaoo/IoT-Vuls/blob/main/dlink/Go-RT-AC750/vul.md https://www.dlink.com/en/security-bulletin • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2023-33625
https://notcve.org/view.php?id=CVE-2023-33625
D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbc_system() function. • https://github.com/naihsin/IoT/blob/main/D-Link/DIR-600/cmd%20injection/README.md https://github.com/naihsin/IoT/tree/main/D-Link/DIR-600/cmd%20injection https://hackmd.io/%40naihsin/By2datZD2 https://www.dlink.com/en/security-bulletin https://attackerkb.com/topics/uqicA23ecz/cve-2023-33625 https://github.com/zcutlip/exploit-poc/tree/master/dlink/dir-815-a1/upnp-command-injection https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-rce-in-ssdpcgi-http-st-cve-2019-2 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •