CVE-2021-20694
https://notcve.org/view.php?id=CVE-2021-20694
Improper access control vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to bypass access restriction and to start a telnet service via unspecified vectors. • https://jvn.jp/en/vu/JVNVU92898656/index.html https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html •
CVE-2021-27114
https://notcve.org/view.php?id=CVE-2021-27114
An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/addassignment route, a very long text entry for the "'s_ip" and "s_mac" fields could lead to a stack-based buffer overflow and overwrite the return address. • https://github.com/GD008/vuln/blob/main/DIR-816_stackoverflow.md https://www.dlink.com/en/security-bulletin • CWE-787: Out-of-bounds Write •
CVE-2021-27113
https://notcve.org/view.php?id=CVE-2021-27113
An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/addRouting route. This could lead to Command Injection via Shell Metacharacters. • https://github.com/GD008/vuln/blob/main/DIR-816_2.md https://www.dlink.com/en/security-bulletin • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2021-29379
https://notcve.org/view.php?id=CVE-2021-29379
An issue was discovered on D-Link DIR-802 A1 devices through 1.00b05. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. • https://cool-y.github.io/2021/03/02/DIR-802-OS-Command-Injection https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10206 https://www.dlink.com/en/security-bulletin • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2020-27600
https://notcve.org/view.php?id=CVE-2020-27600
HNAP1/control/SetMasterWLanSettings.php in D-Link Router DIR-846 version DIR-846 A1_100.26 allows remote attackers to execute arbitrary commands via shell metacharacters in the ssid0 or ssid1 parameter. • https://github.com/pwnninja/dlink/blob/main/DIR-846_SetMasterWLanSettingsCI.md https://www.dlink.com https://www.dlink.com/en/security-bulletin • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •