CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

A security issue exists in D-Link D-View 8 v2.0.2.89 and prior that could allow an attacker to manipulate the probe inventory of the D-View service. This could result in the disclosure of information from other probes, denial of service conditions due to the probe inventory becoming full, or the execution of tasks on other probes. • https://tenable.com/security/research/tra-2023-43 • CWE-20: Improper Input Validation

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

An issue in D-Link DIR-850L v.B1_FW223WWb01 allows a remote attacker to execute arbitrary code via a crafted script to the en parameter. • https://github.com/ef4tless/vuln/blob/master/iot/DIR-850L/bug1.md • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

A vulnerability has been found in D-Link DAR-7000 up to 20231126 and classified as critical. This vulnerability affects unknown code of the file /user/inc/workidajax.php. The manipulation of the argument id leads to SQL injection. The exploit has been disclosed to the public and may be used. VDB-247162 is the identifier assigned to this vulnerability. • https://github.com/flyyue2001/cve/blob/main/D-LINK%20-DAR-7000_sql_workidajax.md https://vuldb.com/?ctiid.247162 https://vuldb.com/?id.247162 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.0 • EPSS: 0% • CPEs: 2 • EXPL: 1

A vulnerability, which was classified as critical, was found in D-Link DIR-846 FW100A53DBR. This affects an unknown part of the file /HNAP1/ of the component QoS POST Handler. The manipulation of the argument smartqos_express_devices/smartqos_normal_devices leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/c2dc/cve-reported/blob/main/CVE-2023-6580/CVE-2023-6580.md https://vuldb.com/?ctiid.247161 https://vuldb.com/?id.247161 • CWE-502: Deserialization of Untrusted Data

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 2

D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at hedwig.cgi. • https://github.com/creacitysec/CVE-2023-48842 https://drive.google.com/file/d/1y5om__f2SAhNmcPqDxC_SRTvJVAWwPcH/view?usp=drive_link • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')