CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 1CVE-2023-27720
https://notcve.org/view.php?id=CVE-2023-27720
09 Apr 2023 — D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_48d630 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. • https://github.com/HolyTruth/DIR_878-1.30B08/blob/main/4.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 5%CPEs: 2EXPL: 1CVE-2022-48107
https://notcve.org/view.php?id=CVE-2022-48107
27 Jan 2023 — D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /setnetworksettings/IPAddress. This vulnerability allows attackers to escalate privileges to root via a crafted payload. • https://github.com/migraine-sudo/D_Link_Vuln/tree/main/cmd%20inject%20in%20IPAddress • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 5%CPEs: 2EXPL: 1CVE-2022-48108
https://notcve.org/view.php?id=CVE-2022-48108
27 Jan 2023 — D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /SetNetworkSettings/SubnetMask. This vulnerability allows attackers to escalate privileges to root via a crafted payload. • https://github.com/migraine-sudo/D_Link_Vuln/tree/main/cmd%20inject%20in%20Netmask • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2022-43184
https://notcve.org/view.php?id=CVE-2022-43184
19 Oct 2022 — D-Link DIR878 1.30B08 Hotfix_04 was discovered to contain a command injection vulnerability via the component /bin/proc.cgi. Se ha detectado que D-Link DIR878 versión 1.30B08 Hotfix_04, contiene una vulnerabilidad de inyección de comandos por medio del componente /bin/proc.cgi • https://github.com/HuangPayoung/CVE-request/tree/main/DLink/vuln2 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 59EXPL: 1CVE-2022-1262
https://notcve.org/view.php?id=CVE-2022-1262
11 Apr 2022 — A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root. Una vulnerabilidad de inyección de comandos en el binario de protesta permite a un atacante con acceso a la interfaz de línea de comandos remota ejecutar comandos arbitrarios como root • https://www.tenable.com/security/research/tra-2022-09 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 16%CPEs: 6EXPL: 0CVE-2021-44880
https://notcve.org/view.php?id=CVE-2021-44880
04 Feb 2022 — D-Link devices DIR_878 DIR_878_FW1.30B08_Hotfix_02 and DIR_882 DIR_882_FW1.30B06_Hotfix_02 were discovered to contain a command injection vulnerability in the system function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request. Se ha detectado que los dispositivos D-Link DIR_878 versiones DIR_878_FW1.30B08_Hotfix_02 y DIR_882 DIR_882_FW1.30B06_Hotfix_02, contienen una vulnerabilidad de inyección de comandos en la función system. Esta vulnerabilidad permite a a... • https://github.com/pjqwudi/my_vuln/blob/main/D-link/vuln_2/2.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 8%CPEs: 3EXPL: 0CVE-2021-44882
https://notcve.org/view.php?id=CVE-2021-44882
04 Feb 2022 — D-Link device DIR_878_FW1.30B08_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request. Se ha detectado que el dispositivo D-Link DIR_878_FW1.30B08_Hotfix_02, contiene una vulnerabilidad de inyección de comandos en la función twsystem. Esta vulnerabilidad permite a atacantes ejecutar comandos arbitrarios por medio de una petición POST HNAP1 diseñada • https://github.com/pjqwudi/my_vuln/blob/main/D-link/vuln_1/1.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •