CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-46569
https://notcve.org/view.php?id=CVE-2022-46569
23 Dec 2022 — D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Key parameter in the SetWLanRadioSecurity module. Se descubrió que D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 contenía un desbordamiento de pila a través del parámetro Key en el módulo SetWLanRadioSecurity. • https://hackmd.io/%400dayResearch/SetWLanRadioSecurity • CWE-787: Out-of-bounds Write •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-46570
https://notcve.org/view.php?id=CVE-2022-46570
23 Dec 2022 — D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetWan3Settings module. Se descubrió que D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 contenía un desbordamiento de pila a través del parámetro Password en el módulo SetWan3Settings. • https://hackmd.io/%400dayResearch/SetWan3Settings_l2tp • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2022-44804
https://notcve.org/view.php?id=CVE-2022-44804
22 Nov 2022 — D-Link DIR-882 1.10B02 and1.20B06 is vulnerable to Buffer Overflow via the websRedirect function. D-Link DIR-882 1.10B02 y 1.20B06 es vulnerable al desbordamiento del búfer a través de la función websRedirect. • https://github.com/RobinWang825/IoT_vuln/tree/main/D-Link/DIR-882/2 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 1CVE-2022-44806
https://notcve.org/view.php?id=CVE-2022-44806
22 Nov 2022 — D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow. D-Link DIR-882 1.10B02 y 1.20B06 es vulnerable al desbordamiento del búfer. • https://github.com/RobinWang825/IoT_vuln/tree/main/D-Link/DIR-882/4 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2022-44807
https://notcve.org/view.php?id=CVE-2022-44807
22 Nov 2022 — D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow via webGetVarString. D-Link DIR-882 1.10B02 y 1.20B06 es vulnerable al desbordamiento del búfer a través de webGetVarString. • https://github.com/RobinWang825/IoT_vuln/tree/main/D-Link/DIR-882/5 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 6EXPL: 0CVE-2022-41140 – D-Link Multiple Routers lighttpd Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-41140
20 Sep 2022 — This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple D-Link routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the lighttpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context ... • https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10291 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 5%CPEs: 2EXPL: 1CVE-2022-28896
https://notcve.org/view.php?id=CVE-2022-28896
10 May 2022 — A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. Una vulnerabilidad de inyección de comandos en el componente /setnetworksettings/SubnetMask de D-Link DIR882 versión DIR882A1_FW130B06, permite a atacantes escalar privilegios a root por medio de una carga útil diseñada • https://github.com/EPhaha/IOT_vuln/tree/main/d-link/dir-882/2 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 5%CPEs: 2EXPL: 1CVE-2022-28895
https://notcve.org/view.php?id=CVE-2022-28895
10 May 2022 — A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. Una vulnerabilidad de inyección de comandos en el componente /setnetworksettings/IPAddress de D-Link DIR882 versión DIR882A1_FW130B06, permite a atacantes escalar privilegios a root por medio de una carga útil diseñada • https://github.com/EPhaha/IOT_vuln/tree/main/d-link/dir-882/1 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 5%CPEs: 2EXPL: 1CVE-2022-28901
https://notcve.org/view.php?id=CVE-2022-28901
10 May 2022 — A command injection vulnerability in the component /SetTriggerLEDBlink/Blink of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. Una vulnerabilidad de inyección de comandos en el componente /SetTriggerLEDBlink/Blink de D-Link DIR882 versión DIR882A1_FW130B06, permite a atacantes escalar privilegios a root por medio de una carga útil diseñada • https://github.com/EPhaha/IOT_vuln/tree/main/d-link/dir-882/3 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 3%CPEs: 2EXPL: 1CVE-2022-28571
https://notcve.org/view.php?id=CVE-2022-28571
02 May 2022 — D-link 882 DIR882A1_FW130B06 was discovered to contain a command injection vulnerability in`/usr/bin/cli. Se ha detectado que D-link 882 DIR882A1_FW130B06 contiene una vulnerabilidad de inyección de comandos en "/usr/bin/cli" • https://github.com/F0und-icu/TempName/tree/main/Dlink-882 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •