
CVE-2019-15527
https://notcve.org/view.php?id=CVE-2019-15527
23 Aug 2019 — An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the MaxIdTime field to SetWanSettings. • https://github.com/TeamSeri0us/pocs/blob/master/iot/dlink/823G-102B05-6.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2019-15528
https://notcve.org/view.php?id=CVE-2019-15528
23 Aug 2019 — An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Interface field to SetStaticRouteSettings. • https://github.com/TeamSeri0us/pocs/blob/master/iot/dlink/823G-102B05-5.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2019-15529
https://notcve.org/view.php?id=CVE-2019-15529
23 Aug 2019 — An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Username field to Login. • https://github.com/TeamSeri0us/pocs/blob/master/iot/dlink/823G-102B05-1.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2019-15530
https://notcve.org/view.php?id=CVE-2019-15530
23 Aug 2019 — An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the LoginPassword field to Login. • https://github.com/TeamSeri0us/pocs/blob/master/iot/dlink/823G-102B05-2.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2019-13128
https://notcve.org/view.php?id=CVE-2019-13128
01 Jul 2019 — An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the IPAddress or Gateway field to SetStaticRouteSettings. • https://github.com/TeamSeri0us/pocs/blob/master/iot/dlink/DIR-823G-v2.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2019-8392
https://notcve.org/view.php?id=CVE-2019-8392
17 Feb 2019 — An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to enable Guest Wi-Fi via the SetWLanRadioSettings HNAP API to the web service provided by /bin/goahead. • https://github.com/leonW7/D-Link/blob/master/Vul_6.md

CVE-2019-7388
https://notcve.org/view.php?id=CVE-2019-7388
05 Feb 2019 — An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to get sensitive information (such as MAC address) about all clients in the WLAN via the GetClientInfo HNAP API. Consequently, an attacker can achieve information disclosure without authentication. • http://www.securityfocus.com/bid/106852 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2019-7389
https://notcve.org/view.php?id=CVE-2019-7389
05 Feb 2019 — An issue was discovered in /bin/goahead on D-Link DIR-823G devices with the firmware 1.02B03. There is incorrect access control allowing remote attackers to reset the router without authentication via the SetFactoryDefault HNAP API. Consequently, an attacker can achieve a denial-of-service attack without authentication. • http://www.securityfocus.com/bid/106853 • CWE-306: Missing Authentication for Critical Function

CVE-2019-7390
https://notcve.org/view.php?id=CVE-2019-7390
05 Feb 2019 — An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to hijack the DNS service configuration of all clients in the WLAN, without authentication, via the SetWanSettings HNAP API. • http://www.securityfocus.com/bid/106855 • CWE-306: Missing Authentication for Critical Function

CVE-2019-7298
https://notcve.org/view.php?id=CVE-2019-7298
01 Feb 2019 — An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body, such as a body of ' /bin/telnetd' for the GetDeviceSettingsset API function. Consequently, an attacker can execute any command remotely when they control this input. • http://www.securityfocus.com/bid/106814 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')