CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 1CVE-2024-8129 – D-Link DNS-1550-04 HTTP POST Request s3.cgi cgi_s3_modify command injection
https://notcve.org/view.php?id=CVE-2024-8129
24 Aug 2024 — A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. Affected is the function cgi_s3_modify of the file /cgi-bin/s3.cgi of the component HTTP POST Request Handler. The manipulation of the argument f_job_name leads to command injection. It is possible to launch the attack rem... • https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_s3_modify.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 1CVE-2024-8128 – D-Link DNS-1550-04 HTTP POST Request webfile_mgr.cgi cgi_add_zip command injection
https://notcve.org/view.php?id=CVE-2024-8128
24 Aug 2024 — A vulnerability, which was classified as critical, has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. This issue affects the function cgi_add_zip of the file /cgi-bin/webfile_mgr.cgi of the component HTTP POST Request Handler. The manipulation of the argument path leads to command injection. The attack may be initiate... • https://vuldb.com/?id.275699 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 1CVE-2024-8127 – D-Link DNS-1550-04 HTTP POST Request webfile_mgr.cgi cgi_unzip command injection
https://notcve.org/view.php?id=CVE-2024-8127
24 Aug 2024 — A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. This vulnerability affects the function cgi_unzip of the file /cgi-bin/webfile_mgr.cgi of the component HTTP POST Request Handler. The manipulation of the argument path leads to command injection. The attack can be initiated remotely.... • https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_unzip.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43032
https://notcve.org/view.php?id=CVE-2024-43032
23 Aug 2024 — autMan v2.9.6 allows attackers to bypass authentication via a crafted web request. • https://github.com/Nop3z/CVE/blob/main/dlink/DI-8100/Dlink-di8100-dbsrv_asp-overflow.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43031
https://notcve.org/view.php?id=CVE-2024-43031
23 Aug 2024 — autMan v2.9.6 was discovered to contain an access control issue. • http://autman.com • CWE-121: Stack-based Buffer Overflow CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2024-44381
https://notcve.org/view.php?id=CVE-2024-44381
23 Aug 2024 — D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in jhttpd msp_info_htm function. • https://github.com/GroundCTL2MajorTom/pocs/blob/main/dlink_DI8004W.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-44382
https://notcve.org/view.php?id=CVE-2024-44382
23 Aug 2024 — D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in the jhttpd upgrade_filter_asp function. • https://github.com/GroundCTL2MajorTom/pocs/blob/main/dlink_DI8004W.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 3%CPEs: 40EXPL: 1CVE-2024-7922 – D-Link DNS-1550-04 myMusic.cgi cgi_write_playlist command injection
https://notcve.org/view.php?id=CVE-2024-7922
19 Aug 2024 — A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by this issue is the function cgi_audio_search/cgi_create_playlist/cgi_get_album_all_tracks/cgi_get_alltracks_editlist/cgi_get_artist_all_album/cgi_get_genre_all_tracks/cgi_get_tracks_list/cgi_set_airplay_content/cgi_writ... • https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_create_playlist.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42812
https://notcve.org/view.php?id=CVE-2024-42812
19 Aug 2024 — In D-Link DIR-860L v2.03, there is a buffer overflow vulnerability due to the lack of length verification for the SID field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands. • https://gist.github.com/XiaoCurry/574ed9c2b0d12cd0b45399116d82121c • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.0EPSS: 0%CPEs: 20EXPL: 1CVE-2024-7849 – D-Link DNS-1550-04 photocenter_mgr.cgi cgi_create_album buffer overflow
https://notcve.org/view.php?id=CVE-2024-7849
15 Aug 2024 — A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. This affects the function cgi_create_album of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument current_path leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has b... • https://vuldb.com/?id.274755 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •