CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-29332
https://notcve.org/view.php?id=CVE-2022-29332
D-LINK DIR-825 AC1200 R2 is vulnerable to Directory Traversal. An attacker could use the "../../../../" setting of the FTP server folder to set the router's root folder for FTP access. This allows you to access the entire router file system via the FTP server. D-LINK DIR-825 AC1200 R2 es vulnerable a un Salto de Directorio. Un atacante podría usar la configuración "../../../../" de la carpeta del servidor FTP para establecer la carpeta root del router para el acceso FTP. • https://github.com/Quadron-Research-Lab/Hardware-IoT/blob/main/d-link_dir-825_R2.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-28896
https://notcve.org/view.php?id=CVE-2022-28896
A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. Una vulnerabilidad de inyección de comandos en el componente /setnetworksettings/SubnetMask de D-Link DIR882 versión DIR882A1_FW130B06, permite a atacantes escalar privilegios a root por medio de una carga útil diseñada • https://github.com/EPhaha/IOT_vuln/tree/main/d-link/dir-882/2 https://www.dlink.com/en/security-bulletin • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-28895
https://notcve.org/view.php?id=CVE-2022-28895
A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. Una vulnerabilidad de inyección de comandos en el componente /setnetworksettings/IPAddress de D-Link DIR882 versión DIR882A1_FW130B06, permite a atacantes escalar privilegios a root por medio de una carga útil diseñada • https://github.com/EPhaha/IOT_vuln/tree/main/d-link/dir-882/1 https://www.dlink.com/en/security-bulletin • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-28901
https://notcve.org/view.php?id=CVE-2022-28901
A command injection vulnerability in the component /SetTriggerLEDBlink/Blink of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. Una vulnerabilidad de inyección de comandos en el componente /SetTriggerLEDBlink/Blink de D-Link DIR882 versión DIR882A1_FW130B06, permite a atacantes escalar privilegios a root por medio de una carga útil diseñada • https://github.com/EPhaha/IOT_vuln/tree/main/d-link/dir-882/3 https://www.dlink.com/en/security-bulletin • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-28915
https://notcve.org/view.php?id=CVE-2022-28915
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in /goform/setSysAdm. Se ha detectado que D-Link DIR-816 versión A2_v1.10CNB04, contiene una vulnerabilidad de inyección de comandos por medio de los parámetros admuser y admpass en /goform/setSysAdm • https://github.com/EPhaha/IOT_vuln/tree/main/d-link/dir-816/1 https://www.dlink.com/en/security-bulletin • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •