CVE-2022-36588
https://notcve.org/view.php?id=CVE-2022-36588
In D-Link DAP1650 v1.04 firmware, the fileaccess.cgi program in the firmware has a buffer overflow vulnerability caused by strncpy. En el firmware D-Link DAP1650 versiones v1.04, el programa fileaccess.cgi en el firmware presenta una vulnerabilidad de desbordamiento de búfer causada por strncpy • https://github.com/Davidteeri/Bug-Report/blob/main/dlink-dap1650-0x419EF8.md https://support.dlink.com/ProductInfo.aspx?m=DAP-1650 https://www.dlink.com/en/security-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2019-12768
https://notcve.org/view.php?id=CVE-2019-12768
An issue was discovered on D-Link DAP-1650 devices through v1.03b07 before 1.04B02_J65H Hot Fix. Attackers can bypass authentication via forceful browsing. Se detectó un problema en los dispositivos D-Link DAP-1650 versiones hasta v1.03b07 versiones anteriores a 1.04B02_J65H Hot Fix. Los atacantes pueden omitir la autenticación por medio de una navegación forzada. • ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DAP-1650/REVA/DAP-1650_REVA_RELEASE_NOTES_v1.04B02_J65H.pdf • CWE-425: Direct Request ('Forced Browsing') •
CVE-2019-12767
https://notcve.org/view.php?id=CVE-2019-12767
An issue was discovered on D-Link DAP-1650 devices before 1.04B02_J65H Hot Fix. Attackers can execute arbitrary commands. Se detectó un problema en los dispositivos D-Link DAP-1650 versiones anteriores a 1.04B02_J65H Hot Fix. Los atacantes pueden ejecutar comandos arbitrarios. • ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DAP-1650/REVA/DAP-1650_REVA_RELEASE_NOTES_v1.04B02_J65H.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •