CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44674
https://notcve.org/view.php?id=CVE-2024-44674
07 Oct 2024 — D-Link COVR-2600R FW101b05 is vulnerable to Buffer Overflow. In the function sub_24E28, the HTTP_REFERER is obtained through an environment variable, and this field is controllable, allowing it to be used as the value for src. • https://github.com/REYu6/iot/blob/21e59c0cf491a9663423c515370c4fcb43436ae0/CVE/dlink/Covr-3902/2600R.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 10.0EPSS: 16%CPEs: 4EXPL: 3CVE-2018-20432 – COVR 3902 1.01B0 Hardcoded Credentials
https://notcve.org/view.php?id=CVE-2018-20432
02 Sep 2020 — D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract sensitive data or modify the configuration. D-Link COVR-2600R y COVR-3902 Kit versiones anteriores a 1.01b05Beta01, usan credenciales embebidas para la conexión telnet, lo que permite a atacantes no autenticados obtener acceso privilegiado al enrutador y extraer datos confidenciales o modificar la configuració... • https://packetstorm.news/files/id/159058 • CWE-798: Use of Hard-coded Credentials •