CVE-2022-46566
https://notcve.org/view.php?id=CVE-2022-46566
D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetQuickVPNSettings module. Se descubrió que D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 contenía un desbordamiento de pila a través del parámetro Password en el módulo SetQuickVPNSettings. • https://hackmd.io/%400dayResearch/SetQuickVPNSettings_Password https://hackmd.io/%400dayResearch/SyhDme7wo https://www.dlink.com/en/security-bulletin • CWE-787: Out-of-bounds Write •
CVE-2022-28896
https://notcve.org/view.php?id=CVE-2022-28896
A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. Una vulnerabilidad de inyección de comandos en el componente /setnetworksettings/SubnetMask de D-Link DIR882 versión DIR882A1_FW130B06, permite a atacantes escalar privilegios a root por medio de una carga útil diseñada • https://github.com/EPhaha/IOT_vuln/tree/main/d-link/dir-882/2 https://www.dlink.com/en/security-bulletin • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2022-28895
https://notcve.org/view.php?id=CVE-2022-28895
A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. Una vulnerabilidad de inyección de comandos en el componente /setnetworksettings/IPAddress de D-Link DIR882 versión DIR882A1_FW130B06, permite a atacantes escalar privilegios a root por medio de una carga útil diseñada • https://github.com/EPhaha/IOT_vuln/tree/main/d-link/dir-882/1 https://www.dlink.com/en/security-bulletin • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2022-28901
https://notcve.org/view.php?id=CVE-2022-28901
A command injection vulnerability in the component /SetTriggerLEDBlink/Blink of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. Una vulnerabilidad de inyección de comandos en el componente /SetTriggerLEDBlink/Blink de D-Link DIR882 versión DIR882A1_FW130B06, permite a atacantes escalar privilegios a root por medio de una carga útil diseñada • https://github.com/EPhaha/IOT_vuln/tree/main/d-link/dir-882/3 https://www.dlink.com/en/security-bulletin • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2022-28571
https://notcve.org/view.php?id=CVE-2022-28571
D-link 882 DIR882A1_FW130B06 was discovered to contain a command injection vulnerability in`/usr/bin/cli. Se ha detectado que D-link 882 DIR882A1_FW130B06 contiene una vulnerabilidad de inyección de comandos en "/usr/bin/cli" • https://github.com/F0und-icu/TempName/tree/main/Dlink-882 https://www.dlink.com/en/security-bulletin • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •