CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 1CVE-2022-38873
https://notcve.org/view.php?id=CVE-2022-38873
20 Dec 2022 — D-Link devices DAP-2310 v2.10rc036 and earlier, DAP-2330 v1.06rc020 and earlier, DAP-2360 v2.10rc050 and earlier, DAP-2553 v3.10rc031 and earlier, DAP-2660 v1.15rc093 and earlier, DAP-2690 v3.20rc106 and earlier, DAP-2695 v1.20rc119_beta31 and earlier, DAP-3320 v1.05rc027 beta and earlier, DAP-3662 v1.05rc047 and earlier allows attackers to cause a Denial of Service (DoS) via uploading a crafted firmware after modifying the firmware header. Dispositivos D-Link DAP-2310 v2.10rc036 y anteriores, DAP-2330 v1.0... • https://github.com/Yuhao-W/BUG--D-Link--Firmware-Update-Vulnerabilities/blob/main/README.md • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.5EPSS: 1%CPEs: 18EXPL: 1CVE-2021-28840
https://notcve.org/view.php?id=CVE-2021-28840
10 Aug 2021 — Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695 1.17.RC063, DAP-3320 1.01.RC014 and DAP-3662 1.01.RC022 in the upload_config function of sbin/httpd binary. When the binary handle the specific HTTP GET request, the content in upload_file variable is NULL in the upload_config function then the strncasecmp would take NULL as first argument, and incur the NULL pointer de... • https://github.com/zyw-200/EQUAFL/blob/main/dlink-email-cve.pdf • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 1CVE-2021-28839
https://notcve.org/view.php?id=CVE-2021-28839
10 Aug 2021 — Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695 1.17.RC063, DAP-3320 1.01.RC014 and DAP-3662 1.01.RC022 in the upload_certificate function of sbin/httpd binary. When the binary handle the specific HTTP GET request, the strrchr in the upload_certificate function would take NULL as first argument, and incur the NULL pointer dereference vulnerability. Una vulnerabilidad... • https://github.com/zyw-200/EQUAFL/blob/main/dlink-email-cve.pdf • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 1%CPEs: 23EXPL: 1CVE-2021-28838
https://notcve.org/view.php?id=CVE-2021-28838
10 Aug 2021 — Null pointer dereference vulnerability in D-Link DAP-2310 2,10RC039, DAP-2330 1.10RC036 BETA, DAP-2360 2.10RC055, DAP-2553 3.10rc039 BETA, DAP-2660 1.15rc131b, DAP-2690 3.20RC115 BETA, DAP-2695 1.20RC093, DAP-3320 1.05RC027 BETA and DAP-3662 1.05rc069 in the sbin/httpd binary. The crash happens at the `atoi' operation when a specific network package are sent to the httpd binary. Una vulnerabilidad de Desreferencia de Puntero Null en D-Link DAP-2310 versión 2,10RC039, DAP-2330 versión 1.10RC036 BETA, DAP-236... • https://github.com/zyw-200/EQUAFL/blob/main/dlink-email-cve.pdf • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 4%CPEs: 20EXPL: 0CVE-2016-1558 – D-Link / Netgear FIRMADYNE Command Injection / Buffer Overflow
https://notcve.org/view.php?id=CVE-2016-1558
26 Feb 2016 — Buffer overflow in D-Link DAP-2310 2.06 and earlier, DAP-2330 1.06 and earlier, DAP-2360 2.06 and earlier, DAP-2553 H/W ver. B1 3.05 and earlier, DAP-2660 1.11 and earlier, DAP-2690 3.15 and earlier, DAP-2695 1.16 and earlier, DAP-3320 1.00 and earlier, and DAP-3662 1.01 and earlier allows remote attackers to have unspecified impact via a crafted 'dlink_uid' cookie. Desbordamiento de búfer en D-Link DAP-2310 2.06 y versiones anteriores, DAP-2330 1.06 y versiones anteriores, DAP-2360 2.06 y versiones anterio... • http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0CVE-2016-1559 – D-Link / Netgear FIRMADYNE Command Injection / Buffer Overflow
https://notcve.org/view.php?id=CVE-2016-1559
26 Feb 2016 — D-Link DAP-1353 H/W vers. B1 3.15 and earlier, D-Link DAP-2553 H/W ver. A1 1.31 and earlier, and D-Link DAP-3520 H/W ver. A1 1.16 and earlier reveal wireless passwords and administrative usernames and passwords over SNMP. D-Link DAP-1353 H/W vers. • http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •