CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-25742
https://notcve.org/view.php?id=CVE-2025-25742
12 Feb 2025 — D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the AccountPassword parameter in the SetSysEmailSettings module. • https://dear-sunshine-ba5.notion.site/D-Link-DIR-853-3-1812386a664480feaf1ceab444b132b3 • CWE-787: Out-of-bounds Write •
CVSS: 8.3EPSS: 1%CPEs: 1EXPL: 0CVE-2025-25743
https://notcve.org/view.php?id=CVE-2025-25743
12 Feb 2025 — D-Link DIR-853 A1 FW1.20B07 was discovered to contain a command injection vulnerability in the SetVirtualServerSettings module. • https://dear-sunshine-ba5.notion.site/D-Link-DIR-853-1812386a664480229910c137ded2d3f1 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-25744
https://notcve.org/view.php?id=CVE-2025-25744
12 Feb 2025 — D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the Password parameter in the SetDynamicDNSSettings module. • https://dear-sunshine-ba5.notion.site/D-Link-DIR-853-4-1812386a664480378626cc13b98e18f5 • CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2024-11960 – D-Link DIR-605L formSetPortTr buffer overflow
https://notcve.org/view.php?id=CVE-2024-11960
28 Nov 2024 — A vulnerability was found in D-Link DIR-605L 2.13B01. It has been declared as critical. This vulnerability affects the function formSetPortTr of the file /goform/formSetPortTr. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. • https://github.com/offshore0315/loT-vulnerable/blob/main/D-Link/formSetPortTr.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2024-11959 – D-Link DIR-605L formResetStatistic buffer overflow
https://notcve.org/view.php?id=CVE-2024-11959
28 Nov 2024 — A vulnerability was found in D-Link DIR-605L 2.13B01. It has been classified as critical. This affects the function formResetStatistic of the file /goform/formResetStatistic. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. • https://github.com/offshore0315/loT-vulnerable/blob/main/D-Link/formResetStatistic.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52754
https://notcve.org/view.php?id=CVE-2024-52754
20 Nov 2024 — D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the fn parameter in the tgfile_htm function. • https://github.com/faqiadegege/IoTVuln/blob/main/DI_8003_tgfile_htm_stackoverflow/detail.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2024-51151
https://notcve.org/view.php?id=CVE-2024-51151
20 Nov 2024 — D-Link DI-8200 16.07.26A1 is vulnerable to remote command execution in the msp_info_htm function via the flag parameter and cmd parameter. • https://github.com/faqiadegege/IoTVuln/blob/main/DI_8200_msp_info_htm_rce/detail.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-52711
https://notcve.org/view.php?id=CVE-2024-52711
19 Nov 2024 — DI-8100 v16.07.26A1 is vulnerable to Buffer Overflow In the ip_position_asp function via the ip parameter. • https://github.com/14mb1v45h/cyberspace-CVE-2024-52711 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28729
https://notcve.org/view.php?id=CVE-2024-28729
12 Nov 2024 — An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted request. • https://github.com/Mrnmap/mrnmap-cve • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28731
https://notcve.org/view.php?id=CVE-2024-28731
12 Nov 2024 — Cross Site Request Forgery vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the Port forwarding option. • https://github.com/Mrnmap/mrnmap-cve • CWE-352: Cross-Site Request Forgery (CSRF) •