CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2023-26615
https://notcve.org/view.php?id=CVE-2023-26615
28 Jun 2023 — D-Link DIR-823G firmware version 1.02B05 has a password reset vulnerability, which originates from the SetMultipleActions API, allowing unauthorized attackers to reset the WEB page management password. • https://github.com/726232111/VulIoT/tree/main/D-Link/DIR823G%20V1.0.2B05/HNAP1 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-29665
https://notcve.org/view.php?id=CVE-2023-29665
17 Apr 2023 — D-Link DIR823G_V1.0.2B05 was discovered to contain a stack overflow via the NewPassword parameters in SetPasswdSettings. • https://github.com/726232111/VulIoT/tree/main/D-Link/DIR823G%20V1.0.2B05/HNAP1/boSetPasswdSettings • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-44201
https://notcve.org/view.php?id=CVE-2022-44201
22 Nov 2022 — D-Link DIR823G 1.02B05 is vulnerable to Commad Injection. D-Link DIR823G 1.02B05 es vulnerable a la inyección de comandos. • https://github.com/RobinWang825/IoT_vuln/blob/main/D-Link/DIR-823G/1/readme.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 1CVE-2022-44808
https://notcve.org/view.php?id=CVE-2022-44808
22 Nov 2022 — A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /HNAP1 requests. Before the HNAP API function can process the request, the system function executes an untrusted command that triggers the vulnerability. Se ha encontrado una vulnerabilidad de inyección de comandos en dispositivos D-Link DIR-823G con versión de firmware 1.02B03 que permite a un atacante ejecutar... • https://github.com/726232111/VulIoT/tree/main/D-Link/DIR823G%20V1.0.2B05/HNAP1 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-43109
https://notcve.org/view.php?id=CVE-2022-43109
03 Nov 2022 — D-Link DIR-823G v1.0.2 was found to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via a crafted packet. Se descubrió que D-Link DIR-823G v1.0.2 contenía una vulnerabilidad de inyección de comandos en la función SetNetworkTomographySettings. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios a través de un paquete manipulado. • https://github.com/ppcrab/IOT_FIRMWARE/blob/main/%E5%8F%8B%E8%AE%AF/dir-823g/cve_v1.0.2.pdf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-43474
https://notcve.org/view.php?id=CVE-2021-43474
07 Apr 2022 — An Access Control vulnerability exists in D-Link DIR-823G REVA1 1.02B05 (Lastest) via any parameter in the HNAP1 function Se presenta una vulnerabilidad de Control de Acceso en D-Link DIR-823G REVA1 versión 1.02B05 (Lastest) por medio de cualquier parámetro en la función HNAP1 • https://github.com/sek1th/iot/blob/master/dir-823g_all.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 11%CPEs: 2EXPL: 1CVE-2020-25368
https://notcve.org/view.php?id=CVE-2020-25368
04 Nov 2021 — A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the PrivateLogin field to Login. Se ha detectado una vulnerabilidad de inyección de comandos en el protocolo HNAP1 de los dispositivos D-Link DIR-823G con firmware V1.0.2B05. Un atacante puede ejecutar scripts web arbitrarios por medio de metacaracteres de shell en el campo PrivateLogin para iniciar sesión • http://d-link.com • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 1CVE-2020-25366
https://notcve.org/view.php?id=CVE-2020-25366
04 Nov 2021 — An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attackers to cause a denial of service (DoS) via unspecified vectors. Un problema en el componente /cgi-bin/upload_firmware.cgi de D-Link DIR-823G REVA1 versión 1.02B05 permite a atacantes causar una denegación de servicio (DoS) por medio de vectores no especificados • http://d-link.com • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 9%CPEs: 2EXPL: 1CVE-2020-25367
https://notcve.org/view.php?id=CVE-2020-25367
04 Nov 2021 — A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the Captcha field to Login. Se ha detectado una vulnerabilidad de inyección de comandos en el protocolo HNAP1 de los dispositivos D-Link DIR-823G con firmware V1.0.2B05. Un atacante es capaz de ejecutar scripts web arbitrarios por medio de metacaracteres de shell en el campo Captcha para iniciar sesión • http://d-link.com • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 1%CPEs: 2EXPL: 1CVE-2019-15526
https://notcve.org/view.php?id=CVE-2019-15526
23 Aug 2019 — An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings, a related issue to CVE-2019-13482. Se descubrió un problema en los dispositivos D-Link DIR-823G con firmware V1.0.2B05. Hay una inyección de comando en HNAP1 (explotable con autenticación) a través de metacaracteres de shell en el campo Tipo a SetWanSettings, un problema relacionado con CVE-2019-13482... • https://github.com/TeamSeri0us/pocs/blob/master/iot/dlink/823G-102B05-7.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •