CVE-2022-29778
https://notcve.org/view.php?id=CVE-2022-29778
D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-On-Lan for the parameter 'descriptor' in SetVirtualServerSettings.php. • https://github.com/TyeYeah/DIR-890L-1.20-RCE https://www.dlink.com/en/security-bulletin • CWE-798: Use of Hard-coded Credentials
CVE-2022-30521
https://notcve.org/view.php?id=CVE-2022-30521
The LAN-side web configuration interface of the D-Link Wi-Fi router firmware DIR-890L DIR890LA1_FW107b09.bin and previous versions has a stack-based buffer overflow vulnerability. The function at 0x17958 of /htdocs/cgibin calls sprintf without checking the length of strings in parameters taken from the HTTP header, which users can easily control. Attackers can exploit the vulnerability to execute arbitrary code by sending a specially constructed payload to port 49152. • https://github.com/winmt/CVE/blob/main/DIR-890L/README.md https://github.com/winmt/my-vuls/tree/main/DIR-890L https://www.dlink.com/en/security-bulletin • CWE-787: Out-of-bounds Write
CVE-2022-28932
https://notcve.org/view.php?id=CVE-2022-28932
D-Link DSL-G2452DG HW:T1\\tFW:ME_2.00 was discovered to contain insecure permissions. • http://d-link.com http://dsl-g2452dg.com https://github.com/1759134370/iot/blob/main/dsl https://www.dlink.com/en/security-bulletin • CWE-276: Incorrect Default Permissions
CVE-2022-28956
https://notcve.org/view.php?id=CVE-2022-28956
An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payload. • https://github.com/shijin0925/IOT/blob/master/DIR816/4.md https://www.dlink.com/en/security-bulletin
CVE-2022-28955
https://notcve.org/view.php?id=CVE-2022-28955
An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php and category_view.php. • https://github.com/shijin0925/IOT/blob/master/DIR816/1.md https://www.dlink.com/en/security-bulletin • CWE-287: Improper Authentication