CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2024-11960 – D-Link DIR-605L formSetPortTr buffer overflow
https://notcve.org/view.php?id=CVE-2024-11960
28 Nov 2024 — A vulnerability was found in D-Link DIR-605L 2.13B01. It has been declared as critical. This vulnerability affects the function formSetPortTr of the file /goform/formSetPortTr. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. • https://github.com/offshore0315/loT-vulnerable/blob/main/D-Link/formSetPortTr.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2024-11959 – D-Link DIR-605L formResetStatistic buffer overflow
https://notcve.org/view.php?id=CVE-2024-11959
28 Nov 2024 — A vulnerability was found in D-Link DIR-605L 2.13B01. It has been classified as critical. This affects the function formResetStatistic of the file /goform/formResetStatistic. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. • https://github.com/offshore0315/loT-vulnerable/blob/main/D-Link/formResetStatistic.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28729
https://notcve.org/view.php?id=CVE-2024-28729
12 Nov 2024 — An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted request. • https://github.com/Mrnmap/mrnmap-cve • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28731
https://notcve.org/view.php?id=CVE-2024-28731
12 Nov 2024 — Cross Site Request Forgery vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the Port forwarding option. • https://github.com/Mrnmap/mrnmap-cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11068 – D-Link DSL6740C - Incorrect Use of Privileged APIs
https://notcve.org/view.php?id=CVE-2024-11068
11 Nov 2024 — The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user’s account. • https://www.twcert.org.tw/en/cp-139-8234-0514c-2.html • CWE-648: Incorrect Use of Privileged APIs •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11067 – D-Link DSL6740C - Arbitrary File Reading through Path Traversal
https://notcve.org/view.php?id=CVE-2024-11067
11 Nov 2024 — The D-Link DSL6740C modem has a Path Traversal Vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. Additionally, since the device's default password is a combination of the MAC address, attackers can obtain the MAC address through this vulnerability and attempt to log in to the device using the default password. • https://www.twcert.org.tw/en/cp-139-8233-903d9-2.html • CWE-23: Relative Path Traversal •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11066 – D-Link DSL6740C - OS Command Injection
https://notcve.org/view.php?id=CVE-2024-11066
11 Nov 2024 — The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through the specific web page. • https://www.twcert.org.tw/en/cp-139-8232-5d94e-2.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11064 – D-Link DSL6740C - OS Command Injection
https://notcve.org/view.php?id=CVE-2024-11064
11 Nov 2024 — The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet. • https://www.twcert.org.tw/en/cp-139-8230-11430-2.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11063 – D-Link DSL6740C - OS Command Injection
https://notcve.org/view.php?id=CVE-2024-11063
11 Nov 2024 — The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet. • https://www.twcert.org.tw/en/cp-139-8229-3c2ab-2.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11062 – D-Link DSL6740C - OS Command Injection
https://notcve.org/view.php?id=CVE-2024-11062
11 Nov 2024 — The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet. • https://www.twcert.org.tw/en/cp-139-8228-1fbb0-2.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •