CVSS: 6.9EPSS: 0%CPEs: 12EXPL: 1CVE-2024-10916 – D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L HTTP GET Request info.xml information disclosure
https://notcve.org/view.php?id=CVE-2024-10916
06 Nov 2024 — A vulnerability classified as problematic has been found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. This affects an unknown part of the file /xml/info.xml of the component HTTP GET Request Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://netsecfish.notion.site/Information-Disclosure-Vulnerability-Report-in-xml-info-xml-for-D-Link-NAS-12d6b683e67c8019a311e699582f51b6?pvs=4 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-266: Incorrect Privilege Assignment CWE-284: Improper Access Control •
CVSS: 9.2EPSS: 92%CPEs: 12EXPL: 1CVE-2024-10915 – D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L account_mgr.cgi cgi_user_add os command injection
https://notcve.org/view.php?id=CVE-2024-10915
06 Nov 2024 — A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been rated as critical. Affected by this issue is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument group leads to os command injection. • https://netsecfish.notion.site/Command-Injection-Vulnerability-in-group-parameter-for-D-Link-NAS-12d6b683e67c803fa1a0c0d236c9a4c5?pvs=4 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-707: Improper Neutralization •
CVSS: 9.8EPSS: 93%CPEs: 12EXPL: 14CVE-2024-10914 – D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L account_mgr.cgi cgi_user_add os command injection
https://notcve.org/view.php?id=CVE-2024-10914
06 Nov 2024 — A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument name leads to os command injection. • https://packetstorm.news/files/id/183163 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-707: Improper Neutralization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48150
https://notcve.org/view.php?id=CVE-2024-48150
14 Oct 2024 — D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_451208 function. • https://github.com/fu37kola/cve/blob/main/D-Link/DIR-820L/D-Link%20DIR-820L%20Stack%20Overflow%20Vulnerability.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48168
https://notcve.org/view.php?id=CVE-2024-48168
14 Oct 2024 — A stack overflow vulnerability exists in the sub_402280 function of the HNAP service of D-Link DCS-960L 1.09, allowing an attacker to execute arbitrary code. • https://github.com/fu37kola/cve/blob/main/D-Link/DCS-960L/D-Link%20DCS-960L%201.09%20Stack%20overflow_1.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-9915 – D-Link DIR-619L B1 formVirtualServ buffer overflow
https://notcve.org/view.php?id=CVE-2024-9915
13 Oct 2024 — A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. Affected by this vulnerability is the function formVirtualServ of the file /goform/formVirtualServ. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-619L/formVirtualServ.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-9914 – D-Link DIR-619L B1 formSetWizardSelectMode buffer overflow
https://notcve.org/view.php?id=CVE-2024-9914
13 Oct 2024 — A vulnerability classified as critical has been found in D-Link DIR-619L B1 2.06. Affected is the function formSetWizardSelectMode of the file /goform/formSetWizardSelectMode. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-619L/formSetWizardSelectMode.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-9913 – D-Link DIR-619L B1 formSetRoute buffer overflow
https://notcve.org/view.php?id=CVE-2024-9913
13 Oct 2024 — A vulnerability was found in D-Link DIR-619L B1 2.06. It has been rated as critical. This issue affects the function formSetRoute of the file /goform/formSetRoute. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated remotely. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-619L/formSetRoute.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-9912 – D-Link DIR-619L B1 formSetQoS buffer overflow
https://notcve.org/view.php?id=CVE-2024-9912
13 Oct 2024 — A vulnerability was found in D-Link DIR-619L B1 2.06. It has been declared as critical. This vulnerability affects the function formSetQoS of the file /goform/formSetQoS. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-619L/formSetQoS.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-9911 – D-Link DIR-619L B1 formSetPortTr buffer overflow
https://notcve.org/view.php?id=CVE-2024-9911
13 Oct 2024 — A vulnerability was found in D-Link DIR-619L B1 2.06. It has been classified as critical. This affects the function formSetPortTr of the file /goform/formSetPortTr. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-619L/formSetPortTr.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •