CVE-2020-19318
https://notcve.org/view.php?id=CVE-2020-19318
Buffer Overflow vulnerability in D-Link DIR-605L, hardware version AX, firmware version 1.17beta and below, allows authorized attackers execute arbitrary code via sending crafted data to the webserver service program. Vulnerabilidad de Desbordamiento de Búfer en D-Link DIR-605L, versión de hardware AX, versión de firmware 1.17beta e inferior, permite a atacantes autorizados ejecutar código arbitrario mediante el envío de datos manipulados al programa de servicio del servidor web. • https://github.com/hhhhu8045759/dir_605L-stack-overflow/blob/master/README.md • CWE-787: Out-of-bounds Write •
CVE-2023-29961
https://notcve.org/view.php?id=CVE-2023-29961
D-Link DIR-605L firmware version 1.17B01 BETA is vulnerable to stack overflow via /goform/formTcpipSetup, • https://github.com/Archerber/bug_submit/blob/main/D-Link/dir605l.md https://www.dlink.com/en/security-bulletin • CWE-787: Out-of-bounds Write •
CVE-2021-40655 – D-Link DIR-605 Router Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-40655
An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page Se presenta un problema de divulgación de información en D-LINK-DIR-605 B2 Firmware Versión : 2.01MT. Un atacante puede obtener un nombre de usuario y una contraseña al falsificar una petición de envío a la página / getcfg.php D-Link DIR-605 routers contain an information disclosure vulnerability that allows attackers to obtain a username and password by forging a post request to the /getcfg.php page. • https://github.com/Ilovewomen/D-LINK-DIR-605 https://www.dlink.com/en/security-bulletin • CWE-863: Incorrect Authorization •
CVE-2014-8361 – Realtek SDK Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2014-8361
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023. El servicio miniigd SOAP en Realtek SDK permite a atacantes remotos ejecutar código arbitrario a través de una solicitud NewInternalClient manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Realtek SDK. Authentication is not required to exploit this vulnerability. The specific flaw exists within the miniigd SOAP service. The issue lies in the handling of the NewInternalClient requests due to a failure to sanitize user data before executing a system call. • https://www.exploit-db.com/exploits/37169 http://jvn.jp/en/jp/JVN47580234/index.html http://jvn.jp/en/jp/JVN67456944/index.html http://packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.html http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055 http://www.securityfocus.com/bid/74330 http://www.zerodayinitiative.com/advisories/ZDI-15-155 https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos https://web.archive.org/web/20150909230440/ •