CVSS: 10.0 • EPSS: 1% • CPEs: 1 • EXPL: 0

20 Nov 2024 — D-Link DI-8200 16.07.26A1 is vulnerable to remote command execution in the msp_info_htm function via the flag parameter and cmd parameter. • https://github.com/faqiadegege/IoTVuln/blob/main/DI_8200_msp_info_htm_rce/detail.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 8.8 • EPSS: 5% • CPEs: 1 • EXPL: 0

11 Oct 2024 — A vulnerability was discovered in DI_8200-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the path parameter can lead to command injection. • https://github.com/IotChan/cve/blob/main/dlink/di-8300/CVE-2024-44413 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Oct 2024 — A vulnerability was discovered in DI_8200-16.07.26A1. There is a buffer overflow in the dbsrv_asp function: the strcpy function is executed without checking the length of the string, leading to a buffer overflow. • https://github.com/IotChan/cve/blob/main/dlink/DI-8200/CVE-2024-44415 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')