CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2023-33626
https://notcve.org/view.php?id=CVE-2023-33626
D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a stack overflow via the gena.cgi binary. • https://github.com/naihsin/IoT/blob/main/D-Link/DIR-600/overflow/README.md https://github.com/naihsin/IoT/tree/main/D-Link/DIR-600/overflow https://www.dlink.com/en/security-bulletin • CWE-787: Out-of-bounds Write •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1CVE-2023-34856
https://notcve.org/view.php?id=CVE-2023-34856
A Cross Site Scripting (XSS) vulnerability in D-Link DI-7500G-CI-19.05.29A allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /auth_pic.cgi. • https://github.com/hashshfza/Vulnerability/issues/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-33782
https://notcve.org/view.php?id=CVE-2023-33782
D-Link DIR-842V2 v1.0.3 was discovered to contain a command injection vulnerability via the iperf3 diagnostics function. • https://github.com/s0tr/CVE-2023-33782 http://d-link.com http://dir-842v2.com https://www.dlink.com/en/security-bulletin • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-33781
https://notcve.org/view.php?id=CVE-2023-33781
An issue in D-Link DIR-842V2 v1.0.3 allows attackers to execute arbitrary commands via importing a crafted file. • https://github.com/s0tr/CVE-2023-33781 http://d-link.com http://dir-842v2.com https://www.dlink.com/en/security-bulletin •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 1CVE-2023-33735
https://notcve.org/view.php?id=CVE-2023-33735
D-Link DIR-846 v1.00A52 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in the /HNAP1 interface. • https://github.com/Tyaoo/IoT-Vuls/blob/main/dlink/DIR-846/vul.md https://www.dlink.com/en/security-bulletin •