CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2023-42406
https://notcve.org/view.php?id=CVE-2023-42406
SQL injection vulnerability in D-Link Online behavior audit gateway DAR-7000 V31R02B1413C allows a remote attacker to obtain sensitive information and execute arbitrary code via the editrole.php component. Vulnerabilidad de inyección SQL en la puerta de enlace de auditoría de comportamiento de D-Link Online DAR-7000 V31R02B1413C permite a un atacante remoto obtener información confidencial y ejecutar código arbitrario a través del componente editrole.php. • https://github.com/1dreamGN/CVE/blob/main/CVE-2023-42406.md https://github.com/flyyue2001/cve/blob/main/D-LINK%20-DAR-7000_sql_:sysmanage:editrole.php.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-46033
https://notcve.org/view.php?id=CVE-2023-46033
D-Link (Non-US) DSL-2750U N300 ADSL2+ and (Non-US) DSL-2730U N150 ADSL2+ are vulnerable to Incorrect Access Control. The UART/Serial interface on the PCB, provides log output and a root terminal without proper access control. D-Link (Non-US) DSL-2750U N300 ADSL2+ y (Non-US) DSL-2730U N150 ADSL2+ son vulnerables a un control de acceso incorrecto. La interfaz UART/Serial en la PCB proporciona salida de registro y un terminal root sin control de acceso adecuado. • https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10357 https://www.dlink.com/en/products/dsl-2730u-wireless-n150-adsl2-router https://www.dlink.com/en/products/dsl-2750u-wireless-n-300-adsl2-modem-router • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-44693
https://notcve.org/view.php?id=CVE-2023-44693
D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is vulnerable to SQL Injection via /importexport.php. La puerta de enlace de auditoría de comportamiento de D-Link Online DAR-7000 V31R02B1413C es vulnerable a la inyección SQL a través de /importexport.php. • https://github.com/llixixi/cve/blob/main/D-LINK-DAR-7000_sql_%20importexport.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-44694
https://notcve.org/view.php?id=CVE-2023-44694
D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is vulnerable to SQL Injection via /log/mailrecvview.php. La puerta de enlace de auditoría de comportamiento de D-Link Online DAR-7000 V31R02B1413C es vulnerable a la inyección SQL a través de /log/mailrecvview.php. • https://github.com/llixixi/cve/blob/main/D-LINK-DAR-7000_rce_%20mailrecvview.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-44808
https://notcve.org/view.php?id=CVE-2023-44808
D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_4507CC function. D-Link DIR-820L 1.05B03 tiene una vulnerabilidad de desbordamiento de pila en la función sub_4507CC. • https://github.com/Archerber/bug_submit/blob/main/D-Link/DIR-820l/bug3.md • CWE-787: Out-of-bounds Write •