CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-43184
https://notcve.org/view.php?id=CVE-2022-43184
D-Link DIR878 1.30B08 Hotfix_04 was discovered to contain a command injection vulnerability via the component /bin/proc.cgi. Se ha detectado que D-Link DIR878 versión 1.30B08 Hotfix_04, contiene una vulnerabilidad de inyección de comandos por medio del componente /bin/proc.cgi • https://github.com/HuangPayoung/CVE-request/tree/main/DLink/vuln2 https://www.dlink.com/en/security-bulletin • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 2CVE-2016-20017 – D-Link DSL-2750B Devices Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2016-20017
D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022. Los dispositivos D-Link DSL-2750B versiones anteriores a 1.05, permiten una inyección remota de comandos no autenticados por medio del parámetro cli login.cgi, como ha sido explotado "in the wild" en 2016 hasta 2022 D-Link DSL-2750B devices contain a command injection vulnerability that allows remote, unauthenticated command injection via the login.cgi cli parameter. • https://seclists.org/fulldisclosure/2016/Feb/53 https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10088 https://www.exploit-db.com/exploits/44760 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2022-42159
https://notcve.org/view.php?id=CVE-2022-42159
D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random Number Generator. Se ha detectado que D-Link COVR 1200,1202,1203 versión v1.08, tenía una semilla predecible en un generador de números pseudoaleatorios • https://github.com/14isnot40/vul_discovery/blob/master/D-Link%20COVR%2012xx%20.pdf https://www.dlink.com/en/security-bulletin • CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-42156
https://notcve.org/view.php?id=CVE-2022-42156
D-Link COVR 1200,1203 v1.08 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter at function SetNetworkTomographySettings. Se ha detectado que D-Link COVR 1200,1203 versión v1.08, contiene una vulnerabilidad de inyección de comandos por medio del parámetro tomography_ping_number en la función SetNetworkTomographySettings • https://github.com/14isnot40/vul_discovery/blob/master/D-Link%20COVR%2012xx%20.pdf https://www.dlink.com/en/security-bulletin • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-42160
https://notcve.org/view.php?id=CVE-2022-42160
D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the system_time_timezone parameter at function SetNTPServerSettings. Se ha detectado que D-Link COVR 1200,1202,1203 versión v1.08, contiene una vulnerabilidad de inyección de comandos por medio del parámetro system_time_timezone en la función SetNTPServerSettings • https://github.com/14isnot40/vul_discovery/blob/master/D-Link%20COVR%2012xx%20.pdf https://www.dlink.com/en/security-bulletin • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •