CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 1CVE-2022-44930
https://notcve.org/view.php?id=CVE-2022-44930
D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function. Se descubrió que D-Link DHP-W310AV 3.10EU contiene una vulnerabilidad de inyección de comandos a través de la función System Checks. • https://cyber-guy.gitbook.io/cyber-guys-blog/pocs/cve-2022-44930 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 2CVE-2022-40799
https://notcve.org/view.php?id=CVE-2022-40799
Data Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 2.60B15 allows an authenticated attacker to execute OS level commands on the device. La Falla de Integridad de Datos en 'Backup Config' en D-Link DNR-322L en versiones <= 2.60B15 permite a un atacante autenticado ejecutar comandos a nivel de sistema operativo en el dispositivo. • https://github.com/rtfmkiesel/CVE-2022-40799 https://gitlab.com/lu-ka/cve-2022-40799 • CWE-494: Download of Code Without Integrity Check •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-44801
https://notcve.org/view.php?id=CVE-2022-44801
D-Link DIR-878 1.02B05 is vulnerable to Incorrect Access Control. D-Link DIR-878 1.02B05 es vulnerable a un control de acceso incorrecto. • https://github.com/RobinWang825/IoT_vuln/tree/main/D-Link/DIR-878/3 https://www.dlink.com/en/security-bulletin •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-44808
https://notcve.org/view.php?id=CVE-2022-44808
A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /HNAP1 requests. Before the HNAP API function can process the request, the system function executes an untrusted command that triggers the vulnerability. Se ha encontrado una vulnerabilidad de inyección de comandos en dispositivos D-Link DIR-823G con versión de firmware 1.02B03 que permite a un atacante ejecutar comandos arbitrarios del sistema operativo a través de solicitudes /HNAP1 bien diseñadas. Antes de que la función API de HNAP pueda procesar la solicitud, la función del sistema ejecuta un comando que no es de confianza que desencadena la vulnerabilidad. • https://github.com/726232111/VulIoT/tree/main/D-Link/DIR823G%20V1.0.2B05/HNAP1 https://github.com/RobinWang825/IoT_vuln/tree/main/D-Link/DIR-823G/2 https://www.dlink.com/en/security-bulletin • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-44804
https://notcve.org/view.php?id=CVE-2022-44804
D-Link DIR-882 1.10B02 and1.20B06 is vulnerable to Buffer Overflow via the websRedirect function. D-Link DIR-882 1.10B02 y 1.20B06 es vulnerable al desbordamiento del búfer a través de la función websRedirect. • https://github.com/RobinWang825/IoT_vuln/tree/main/D-Link/DIR-882/2 https://www.dlink.com/en/security-bulletin • CWE-787: Out-of-bounds Write •