CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-17065
https://notcve.org/view.php?id=CVE-2017-17065
An issue was discovered on D-Link DIR-605L Model B before FW2.11betaB06_hbrf devices, related to the code that handles the authentication values for HNAP. An attacker can cause a denial of service (device crash) or possibly have unspecified other impact by sending a sufficiently long string in the password field of the HTTP Basic Authentication section of the HTTP request. Se ha descubierto un problema en dispositivos D-Link DIR-605L Model B en versiones anteriores a la FW2.11betaB06_hbrf. Esto se relaciona con el código que gestiona los valores de autenticación para HNAP. Un atacante puede provocar una denegación de servicio (cierre inesperado del dispositivo) o, posiblemente, otro tipo de impacto sin especificar mediante el envío de una cadena lo suficientemente larga en el campo password de la sección HTTP Basic Authentication de la petición HTTP. • ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-605L/REVB/DIR-605L_REVB_FIRMWARE_PATCH_NOTES_2.11betaB06_HBRF_EN.pdf • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 1CVE-2017-9675 – D-Link DIR-605L < 2.08 - Denial of Service
https://notcve.org/view.php?id=CVE-2017-9675
On D-Link DIR-605L devices, firmware before 2.08UIBetaB01.bin allows an unauthenticated GET request to trigger a reboot. En dispositivos D-Link DIR-605L, el firmware en versiones anteriores a la 2.08UIBetaB01.bin permite que una petición GET desencadene un reinicio. D-Link DIR605L versions 2.08 and below suffer from a denial of service vulnerability via a simple HTTP GET. • https://www.exploit-db.com/exploits/43147 ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-605L/REVB/DIR-605L_REVB_RELEASE_NOTES_v2.08UIBETAB01_EN.pdf http://www.securityfocus.com/bid/99084 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 96%CPEs: 62EXPL: 1CVE-2014-8361 – Realtek SDK Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2014-8361
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023. El servicio miniigd SOAP en Realtek SDK permite a atacantes remotos ejecutar código arbitrario a través de una solicitud NewInternalClient manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Realtek SDK. Authentication is not required to exploit this vulnerability. The specific flaw exists within the miniigd SOAP service. The issue lies in the handling of the NewInternalClient requests due to a failure to sanitize user data before executing a system call. • https://www.exploit-db.com/exploits/37169 http://jvn.jp/en/jp/JVN47580234/index.html http://jvn.jp/en/jp/JVN67456944/index.html http://packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.html http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055 http://www.securityfocus.com/bid/74330 http://www.zerodayinitiative.com/advisories/ZDI-15-155 https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos https://web.archive.org/web/20150909230440/ •