CVE-2022-46641
https://notcve.org/view.php?id=CVE-2022-46641
D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the lan(0)_dhcps_staticlist parameter in the SetIpMacBindSettings function. • https://github.com/CyberUnicornIoT/IoTvuln/blob/main/d-link/dir-846/D-Link%20dir-846%20SetIpMacBindSettings%20Command%20Injection%20Vulnerability.md https://www.dlink.com/en/security-bulletin • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2022-46566
https://notcve.org/view.php?id=CVE-2022-46566
D-Link DIR-882 DIR882A1_FW130B06 and DIR-878 DIR_878_FW1.30B08 were discovered to contain a stack overflow via the Password parameter in the SetQuickVPNSettings module. • https://hackmd.io/%400dayResearch/SetQuickVPNSettings_Password https://hackmd.io/%400dayResearch/SyhDme7wo https://www.dlink.com/en/security-bulletin • CWE-787: Out-of-bounds Write
CVE-2022-38873
https://notcve.org/view.php?id=CVE-2022-38873
D-Link devices DAP-2310 v2.10rc036 and earlier, DAP-2330 v1.06rc020 and earlier, DAP-2360 v2.10rc050 and earlier, DAP-2553 v3.10rc031 and earlier, DAP-2660 v1.15rc093 and earlier, DAP-2690 v3.20rc106 and earlier, DAP-2695 v1.20rc119_beta31 and earlier, DAP-3320 v1.05rc027 beta and earlier, and DAP-3662 v1.05rc047 and earlier allow attackers to cause a Denial of Service (DoS) by uploading a crafted firmware after modifying the firmware header. • https://github.com/Yuhao-W/BUG--D-Link--Firmware-Update-Vulnerabilities/blob/main/README.md https://www.dlink.com/en/security-bulletin
CVE-2022-46076
https://notcve.org/view.php?id=CVE-2022-46076
D-Link DIR-869 DIR869Ax_FW102B15 is vulnerable to Authentication Bypass via phpcgi. • https://github.com/Zarathustra-L/IoT_Vul/tree/main/D-Link/DIR-869 https://www.dlink.com/en/security-bulletin • CWE-863: Incorrect Authorization
CVE-2022-44832
https://notcve.org/view.php?id=CVE-2022-44832
D-Link DIR-3040 device with firmware 120B03 was discovered to contain a command injection vulnerability via the SetTriggerLEDBlink function. • https://github.com/flamingo1616/iot_vuln/blob/main/D-Link/DIR-3040/6.md https://www.dlink.com/en/security-bulletin • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')