CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2019-15529
https://notcve.org/view.php?id=CVE-2019-15529
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Username field to Login. Se descubrió un problema en los dispositivos D-Link DIR-823G con firmware V1.0.2B05. Hay una inyección de comando en HNAP1 (explotable con autenticación) a través de metacaracteres de shell en el campo Nombre de usuario para iniciar sesión. • https://github.com/TeamSeri0us/pocs/blob/master/iot/dlink/823G-102B05-1.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2019-15530
https://notcve.org/view.php?id=CVE-2019-15530
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the LoginPassword field to Login. Se descubrió un problema en los dispositivos D-Link DIR-823G con firmware V1.0.2B05. Hay una inyección de comando en HNAP1 (explotable con autenticación) a través de metacaracteres de shell en el campo LoginPassword para iniciar sesión. • https://github.com/TeamSeri0us/pocs/blob/master/iot/dlink/823G-102B05-2.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.3EPSS: 71%CPEs: 2EXPL: 1CVE-2019-7298
https://notcve.org/view.php?id=CVE-2019-7298
An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body, such as a body of ' /bin/telnetd' for the GetDeviceSettingsset API function. Consequently, an attacker can execute any command remotely when they control this input. Se ha descubierto un problema en dispositivos D-Link DIR-823G con versiones de firmware hasta la 1.02B03. • http://www.securityfocus.com/bid/106814 https://github.com/leonW7/D-Link/blob/master/Vul_2.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 73%CPEs: 2EXPL: 1CVE-2019-7297
https://notcve.org/view.php?id=CVE-2019-7297
An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via shell metacharacters in a crafted /HNAP1 request. This occurs when the GetNetworkTomographyResult function calls the system function with an untrusted input parameter named Address. Consequently, an attacker can execute any command remotely when they control this input. Se ha descubierto un problema en dispositivos D-Link DIR-823G con firmware hasta la versión 1.02B03. • http://www.securityfocus.com/bid/106815 https://github.com/leonW7/D-Link/blob/master/Vul_1.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •