
CVSS: 9.7 • EPSS: 9% • CPEs: 2 • EXPL: 0

17 Oct 2024 — D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the LocalIPAddress, TCPPorts, and UDPPorts parameters in the SetPortForwardingSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. • https://github.com/pjqwudi1/my_vuln/blob/main/D-link4/vuln_39/39.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.7 • EPSS: 9% • CPEs: 2 • EXPL: 0

17 Oct 2024 — D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the ExternalPort, InternalPort, ProtocolNumber, and LocalIPAddress parameters in the SetVirtualServerSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. • https://github.com/pjqwudi1/my_vuln/blob/main/D-link4/vuln_40/40.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 10.0 • EPSS: 9% • CPEs: 2 • EXPL: 0

17 Oct 2024 — D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the key parameter in the SetWLanRadioSecurity function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. • https://github.com/pjqwudi1/my_vuln/blob/main/D-link4/vuln_33/33.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 10.0 • EPSS: 9% • CPEs: 2 • EXPL: 0

17 Oct 2024 — D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:2/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. • https://github.com/pjqwudi1/my_vuln/tree/main/D-link4/vuln_38 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 10.0 • EPSS: 9% • CPEs: 2 • EXPL: 0

17 Oct 2024 — D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:0/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. • https://github.com/pjqwudi1/my_vuln/blob/main/D-link4/vuln_36/36.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 10.0 • EPSS: 9% • CPEs: 2 • EXPL: 0

17 Oct 2024 — D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:1/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. • https://github.com/pjqwudi1/my_vuln/blob/main/D-link4/vuln_37/37.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 10.0 • EPSS: 9% • CPEs: 2 • EXPL: 0

17 Oct 2024 — D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the SubnetMask parameter in the SetGuestZoneRouterSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. • https://github.com/pjqwudi1/my_vuln/blob/main/D-link4/vuln_35/35.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 8.8 • EPSS: 5% • CPEs: 1 • EXPL: 0

11 Oct 2024 — A vulnerability was discovered in DI_8200-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the path parameter can lead to command injection. • https://github.com/IotChan/cve/blob/main/dlink/di-8300/CVE-2024-44413 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Oct 2024 — A vulnerability was discovered in DI_8200-16.07.26A1. There is a buffer overflow in the dbsrv_asp function: the strcpy function is executed without checking the length of the string, leading to a buffer overflow. • https://github.com/IotChan/cve/blob/main/dlink/DI-8200/CVE-2024-44415 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 6.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

10 Oct 2024 — A vulnerability classified as problematic has been found in D-Link DSL-2750U R5B017. This affects an unknown part of the component Port Forwarding Page. The manipulation of the argument PortMappingDescription leads to cross-site scripting. It is possible to initiate the attack remotely. A vulnerability was discovered in D-Link DSL-2750U R5B017. • https://vuldb.com/?ctiid.279945 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •