CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-47035
https://notcve.org/view.php?id=CVE-2022-47035
Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedded and below allows attacker to execute arbitrary code via the GetConfig method to the /CPE endpoint. La vulnerabilidad de desbordamiento de búfer en D-Link DIR-825 v1.33.0.44ebdd4-embedded y versiones anteriores permite a un atacante ejecutar código arbitrario a través del método GetConfig en el endpoint /CPE. • https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10314 https://www.dlink.com/en/security-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-48107
https://notcve.org/view.php?id=CVE-2022-48107
D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /setnetworksettings/IPAddress. This vulnerability allows attackers to escalate privileges to root via a crafted payload. • https://github.com/migraine-sudo/D_Link_Vuln/tree/main/cmd%20inject%20in%20IPAddress https://www.dlink.com/en/security-bulletin • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-48108
https://notcve.org/view.php?id=CVE-2022-48108
D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /SetNetworkSettings/SubnetMask. This vulnerability allows attackers to escalate privileges to root via a crafted payload. • https://github.com/migraine-sudo/D_Link_Vuln/tree/main/cmd%20inject%20in%20Netmask https://www.dlink.com/en/security-bulletin • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 1CVE-2022-46476
https://notcve.org/view.php?id=CVE-2022-46476
D-Link DIR-859 A1 1.05 was discovered to contain a command injection vulnerability via the service= variable in the soapcgi_main function. • https://github.com/Insight8991/iot/blob/main/dir859%20Command%20Execution%20Vulnerability.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-43648 – D-Link DIR-3040 MiniDLNA Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-43648
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 1.20B03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MiniDLNA service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the MiniDLNA service. • https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10322 https://www.zerodayinitiative.com/advisories/ZDI-23-052 • CWE-122: Heap-based Buffer Overflow •