CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-24343
https://notcve.org/view.php?id=CVE-2023-24343
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSchedule. • https://github.com/1160300418/Vuls/tree/main/D-Link/DIR-605L/curTime_Vuls/01 https://www.dlink.com/en/security-bulletin • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-24349
https://notcve.org/view.php?id=CVE-2023-24349
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetRoute. • https://github.com/1160300418/Vuls/tree/main/D-Link/DIR-605L/curTime_Vuls/04 https://www.dlink.com/en/security-bulletin • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 7%CPEs: 2EXPL: 1CVE-2021-40655 – D-Link DIR-605 Router Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-40655
An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page Se presenta un problema de divulgación de información en D-LINK-DIR-605 B2 Firmware Versión : 2.01MT. Un atacante puede obtener un nombre de usuario y una contraseña al falsificar una petición de envío a la página / getcfg.php D-Link DIR-605 routers contain an information disclosure vulnerability that allows attackers to obtain a username and password by forging a post request to the /getcfg.php page. • https://github.com/Ilovewomen/D-LINK-DIR-605 https://www.dlink.com/en/security-bulletin • CWE-863: Incorrect Authorization •
CVSS: 9.0EPSS: 1%CPEs: 4EXPL: 1CVE-2018-20057
https://notcve.org/view.php?id=CVE-2018-20057
An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. goform/formSysCmd allows remote authenticated users to execute arbitrary OS commands via the sysCmd POST parameter. Se ha descubierto un problema en /bin/boa en dispositivos D-Link DIR-619L Rev.B 2.06B1 y DIR-605L Rev.B 2.12B1. goform/formSysCmd permite que usuarios autenticados remotos ejecuten comandos arbitrarios del sistema operativo mediante el parámetro POST sysCmd. • https://github.com/WhooAmii/whooamii.github.io/blob/master/2018/DIR-619%20command%20execution.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 1CVE-2018-20056
https://notcve.org/view.php?id=CVE-2018-20056
An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. There is a stack-based buffer overflow allowing remote attackers to execute arbitrary code without authentication via the goform/formLanguageChange currTime parameter. Se ha descubierto un problema en /bin/boa en dispositivos D-Link DIR-619L Rev.B 2.06B1 y DIR-605L Rev.B 2.12B1. Hay un desbordamiento de búfer basado en pila que permite que atacantes remotos ejecuten código arbitrario sin autenticación mediante el parámetro currTime en goform/formLanguageChange. • https://github.com/WhooAmii/whooamii.github.io/blob/master/2018/DIR-619%20stack%20overflow.md • CWE-787: Out-of-bounds Write •