
CVE-2024-9534 – D-Link DIR-605L formEasySetPassword buffer overflow
https://notcve.org/view.php?id=CVE-2024-9534
05 Oct 2024 — A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function formEasySetPassword of the file /goform/formEasySetPassword. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-605L/formEasySetPassword.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2024-9533 – D-Link DIR-605L formDeviceReboot buffer overflow
https://notcve.org/view.php?id=CVE-2024-9533
05 Oct 2024 — A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formDeviceReboot of the file /goform/formDeviceReboot. The manipulation of the argument next_page leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-605L/formDeviceReboot.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2024-9532 – D-Link DIR-605L formAdvanceSetup buffer overflow
https://notcve.org/view.php?id=CVE-2024-9532
05 Oct 2024 — A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This vulnerability affects the function formAdvanceSetup of the file /goform/formAdvanceSetup. The manipulation of the argument webpage leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.279238 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2024-9515 – D-Link DIR-605L formSetQoS buffer overflow
https://notcve.org/view.php?id=CVE-2024-9515
04 Oct 2024 — A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. This affects the function formSetQoS of the file /goform/formSetQoS. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. • https://github.com/noahze01/IoT-vulnerable/blob/main/D-Link/DIR-605L/formSetQoS.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2024-9514 – D-Link DIR-605L formSetDomainFilter buffer overflow
https://notcve.org/view.php?id=CVE-2024-9514
04 Oct 2024 — A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. This vulnerability affects the function formSetDomainFilter of the file /goform/formSetDomainFilter. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. • https://github.com/noahze01/IoT-vulnerable/blob/main/D-Link/DIR-605L/formSetDomainFilter.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2024-9004 – D-Link DAR-7000 Backup_Server_commit.php OS command injection
https://notcve.org/view.php?id=CVE-2024-9004
19 Sep 2024 — A vulnerability classified as critical has been found in D-Link DAR-7000 up to 20240912. Affected is an unknown function of the file /view/DBManage/Backup_Server_commit.php. The manipulation of the argument host leads to OS command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/mhtcshe/cve/blob/main/cve.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2024-45698 – D-Link WiFi router - OS Command Injection
https://notcve.org/view.php?id=CVE-2024-45698
16 Sep 2024 — Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to log into telnet and inject arbitrary OS commands, which can then be executed on the device. • https://www.twcert.org.tw/tw/cp-132-8090-bf06b-1.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2024-45697 – D-Link WiFi router - Hidden Functionality
https://notcve.org/view.php?id=CVE-2024-45697
16 Sep 2024 — Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote attackers can log in and execute OS commands using hard-coded credentials. • https://www.twcert.org.tw/tw/cp-132-8088-590ed-1.html • CWE-912: Hidden Functionality

CVE-2024-45696 – D-Link WiFi router - Hidden Functionality
https://notcve.org/view.php?id=CVE-2024-45696
16 Sep 2024 — Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the telnet service and log in using hard-coded credentials. The telnet service enabled through this method can only be accessed from within the same local network as the device. • https://www.twcert.org.tw/tw/cp-132-8086-93ed5-1.html • CWE-912: Hidden Functionality

CVE-2024-45695 – D-Link WiFi router - Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2024-45695
16 Sep 2024 — The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to execute arbitrary code on the device. • https://www.twcert.org.tw/tw/cp-132-8082-f1687-1.html • CWE-121: Stack-based Buffer Overflow