Page 5 of 151 results (0.003 seconds)

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the telnet service and log in using hard-coded credentials. The telnet service enabled through this method can only be accessed from within the same local network as the device. • https://www.twcert.org.tw/tw/cp-132-8086-93ed5-1.html https://www.twcert.org.tw/en/cp-139-8087-c3e70-2.html • CWE-912: Hidden Functionality •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device. • https://www.twcert.org.tw/tw/cp-132-8082-f1687-1.html https://www.twcert.org.tw/en/cp-139-8083-a299e-2.html • CWE-121: Stack-based Buffer Overflow •

CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0

The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device. • https://www.twcert.org.tw/tw/cp-132-8080-7f494-1.html https://www.twcert.org.tw/en/cp-139-8081-3fb39-2.html • CWE-121: Stack-based Buffer Overflow •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in D-Link DI-8100 16.07. It has been classified as critical. This affects the function upgrade_filter_asp of the file upgrade_filter.asp. The manipulation of the argument path leads to command injection. It is possible to initiate the attack remotely. • https://github.com/aLtEr6/pdf/blob/main/3.pdf https://vuldb.com/?ctiid.274731 https://vuldb.com/?id.274731 https://vuldb.com/?submit.385338 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability, which was classified as critical, has been found in D-Link DI-8100 16.07. This issue affects the function msp_info_htm of the file msp_info.htm. The manipulation of the argument cmd leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/aLtEr6/pdf/blob/main/2.pdf https://vuldb.com/?ctiid.273521 https://vuldb.com/?id.273521 https://vuldb.com/?submit.370591 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •