CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2024-9515 – D-Link DIR-605L formSetQoS buffer overflow
https://notcve.org/view.php?id=CVE-2024-9515
04 Oct 2024 — A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. This affects the function formSetQoS of the file /goform/formSetQoS. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. • https://github.com/noahze01/IoT-vulnerable/blob/main/D-Link/DIR-605L/formSetQoS.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2024-9514 – D-Link DIR-605L formSetDomainFilter buffer overflow
https://notcve.org/view.php?id=CVE-2024-9514
04 Oct 2024 — A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. This vulnerability affects the function formSetDomainFilter of the file /goform/formSetDomainFilter. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. • https://github.com/noahze01/IoT-vulnerable/blob/main/D-Link/DIR-605L/formSetDomainFilter.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-9004 – D-Link DAR-7000 Backup_Server_commit.php os command injection
https://notcve.org/view.php?id=CVE-2024-9004
19 Sep 2024 — A vulnerability classified as critical has been found in D-Link DAR-7000 up to 20240912. Affected is an unknown function of the file /view/DBManage/Backup_Server_commit.php. The manipulation of the argument host leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/mhtcshe/cve/blob/main/cve.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44589
https://notcve.org/view.php?id=CVE-2024-44589
18 Sep 2024 — Stack overflow vulnerability in the Login function in the HNAP service in D-Link DCS-960L with firmware 1.09 allows attackers to execute of arbitrary code. • https://www.dlink.com/en/security-bulletin • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-44333
https://notcve.org/view.php?id=CVE-2024-44333
09 Sep 2024 — D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution. An attacker can achieve arbitrary command execution by sending a carefully crafted malicious string to the CGI function responsible for handling usb_paswd.asp. • https://gist.github.com/Swind1er/c8656b32058e28e64f92d100c92ca12c • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-44334
https://notcve.org/view.php?id=CVE-2024-44334
09 Sep 2024 — D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution due to insufficient parameter filtering in the CGI handling function of upgrade_filter.asp. • https://gist.github.com/Swind1er/563789899a7a4b9c261045a15efea952 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-44335
https://notcve.org/view.php?id=CVE-2024-44335
09 Sep 2024 — D-Link DI-7003G v19.12.24A1, DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution (RCE) via version_upgrade.asp. • https://gist.github.com/Swind1er/029fb2a9dab916f926fab40cc059223f • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44375
https://notcve.org/view.php?id=CVE-2024-44375
09 Sep 2024 — D-Link DI-8100 v16.07.26A1 has a stack overflow vulnerability in the dbsrv_asp function. • https://github.com/Nop3z/CVE/blob/main/dlink/DI-8100/Dlink-di8100-dbsrv_asp-overflow.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2024-44410
https://notcve.org/view.php?id=CVE-2024-44410
09 Sep 2024 — D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function. • https://github.com/LYaoBoL/IOTsec/blob/main/D-Link/DI-8300A1/CVE-2024-44410 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 0CVE-2024-44401
https://notcve.org/view.php?id=CVE-2024-44401
06 Sep 2024 — D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via sub47A60C function in the upgrade_filter.asp file • https://github.com/lonelylonglong/openfile-/blob/main/D-link_DI_8100GA1_Command_Injection.md/D-link_DI_8100GA1_Command_Injection.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •