CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 0CVE-2024-44402
https://notcve.org/view.php?id=CVE-2024-44402
06 Sep 2024 — D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via msp_info.htm. • https://github.com/lonelylonglong/openfile-/blob/main/msp.md/msp.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44408
https://notcve.org/view.php?id=CVE-2024-44408
06 Sep 2024 — D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to Information Disclosure. The device allows unauthorized configuration file downloads, and the downloaded configuration files contain plaintext user passwords. • https://github.com/lonelylonglong/openfile-/blob/main/DIR-823G.md/DIR-823G.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 1CVE-2024-8461 – D-Link DNS-320 Web Management Interface discovery.cgi information disclosure
https://notcve.org/view.php?id=CVE-2024-8461
05 Sep 2024 — A vulnerability, which was classified as problematic, was found in D-Link DNS-320 2.02b01. This affects an unknown part of the file /cgi-bin/discovery.cgi of the component Web Management Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/leetsun/IoT-Vuls/tree/main/Dlink-dns320/4 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 1CVE-2024-8460 – D-Link DNS-320 Web Management Interface widget_api.cgi information disclosure
https://notcve.org/view.php?id=CVE-2024-8460
05 Sep 2024 — A vulnerability, which was classified as problematic, has been found in D-Link DNS-320 2.02b01. Affected by this issue is some unknown functionality of the file /cgi-bin/widget_api.cgi of the component Web Management Interface. The manipulation of the argument getHD/getSer/getSys leads to information disclosure. The attack may be launched remotely. The complexity of an attack is rather high. • https://github.com/leetsun/IoT-Vuls/tree/main/Dlink-dns320/1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 4%CPEs: 2EXPL: 0CVE-2024-44400
https://notcve.org/view.php?id=CVE-2024-44400
04 Sep 2024 — D-Link DI-8400 16.07.26A1 is vulnerable to Command Injection via upgrade_filter_asp. A vulnerability was discovered in DI_8400-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the path parameter can lead to command injection. • https://github.com/lonelylonglong/openfile-/blob/main/D-link_DI_8400-16.07.26A1_Command_Injection.md/D-link_DI_8400-16.07.26A1_Command_Injection.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 1CVE-2024-8214 – D-Link DNS-1550-04 hd_config.cgi cgi_FMT_Std2R5_2nd_DiskMGR command injection
https://notcve.org/view.php?id=CVE-2024-8214
27 Aug 2024 — A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. Affected by this vulnerability is the function cgi_FMT_Std2R5_2nd_DiskMGR of the file /cgi-bin/hd_config.cgi. The manipulation of the argument f_source_dev leads to command injection. The attack can be launched remotely. The exploit h... • https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_FMT_Std2R5_2nd_DiskMGR.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 1CVE-2024-8213 – D-Link DNS-1550-04 hd_config.cgi cgi_FMT_R12R5_1st_DiskMGR command injection
https://notcve.org/view.php?id=CVE-2024-8213
27 Aug 2024 — A vulnerability classified as critical has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. Affected is the function cgi_FMT_R12R5_1st_DiskMGR of the file /cgi-bin/hd_config.cgi. The manipulation of the argument f_source_dev leads to command injection. It is possible to launch the attack remotely. The exploit has been d... • https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_FMT_R12R5_1st_DiskMGR.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 1CVE-2024-8212 – D-Link DNS-1550-04 hd_config.cgi cgi_FMT_R12R5_2nd_DiskMGR command injection
https://notcve.org/view.php?id=CVE-2024-8212
27 Aug 2024 — A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been rated as critical. This issue affects the function cgi_FMT_R12R5_2nd_DiskMGR of the file /cgi-bin/hd_config.cgi. The manipulation of the argument f_source_dev leads to command injection. The attack may be initiated remotely. • https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_FMT_R12R5_2nd_DiskMGR.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 1CVE-2024-8211 – D-Link DNS-1550-04 hd_config.cgi cgi_FMT_Std2R1_DiskMGR command injection
https://notcve.org/view.php?id=CVE-2024-8211
27 Aug 2024 — A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been declared as critical. This vulnerability affects the function cgi_FMT_Std2R1_DiskMGR of the file /cgi-bin/hd_config.cgi. The manipulation of the argument f_newly_dev leads to command injection. The attack can be initiated remotely. • https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_FMT_Std2R1_DiskMGR.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 1CVE-2024-8210 – D-Link DNS-1550-04 hd_config.cgi sprintf command injection
https://notcve.org/view.php?id=CVE-2024-8210
27 Aug 2024 — A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been classified as critical. This affects the function sprintf of the file /cgi-bin/hd_config.cgi. The manipulation of the argument f_mount leads to command injection. It is possible to initiate the attack remotely. • https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_FMT_R12R5_3rd_DiskMGR.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •