CVSS: 5.3EPSS: 0%CPEs: 88EXPL: 1CVE-2024-0717 – D-Link Good Line Router v2 HTTP GET Request devinfo information disclosure
https://notcve.org/view.php?id=CVE-2024-0717
A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/999zzzzz/D-Link https://vuldb.com/?ctiid.251542 https://vuldb.com/?id.251542 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 22%CPEs: 8EXPL: 0CVE-2021-42627
https://notcve.org/view.php?id=CVE-2021-42627
The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication which can lead to disclose the information about WAN settings and also leverage attacker to modify the data fields of page. La página de configuración de la WAN "wan.htm" en los dispositivos D-Link DIR-615 con el firmware versión 20.06, puede ser accedida directamente sin autenticación lo que puede conllevar a divulgar la información sobre la configuración de la WAN y también aprovechar el atacante para modificar los campos de datos de la página. • http://d-link.com http://dlink.com https://github.com/sanjokkarki/D-Link-DIR-615/blob/main/CVE-2021-42627 https://www.dlink.com/en/security-bulletin •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-40654
https://notcve.org/view.php?id=CVE-2021-40654
An information disclosure issue exist in D-LINK-DIR-615 B2 2.01mt. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page Se presenta un problema de divulgación de información en D-LINK-DIR-615 B2 versión 2.01mt. Un atacante puede obtener un nombre de usuario y contraseña al falsificar una petición a la página / getcfg.php • https://github.com/Ilovewomen/D-LINK-DIR-615 https://www.dlink.com/en/security-bulletin • CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 1CVE-2021-37388
https://notcve.org/view.php?id=CVE-2021-37388
A buffer overflow in D-Link DIR-615 C2 3.03WW. The ping_ipaddr parameter in ping_response.cgi POST request allows an attacker to crash the webserver and might even gain remote code execution. Un desbordamiento del búfer en D-Link DIR-615 C2 versión 3.03WW. El parámetro ping_ipaddr en la petición POST del archivo ping_response.cgi permite a un atacante bloquear el servidor web e incluso obtener una ejecución de código remota • https://github.com/noobexploiter/IOTHACKS/blob/main/vuln1.md https://www.dlink.com/en/security-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 14%CPEs: 2EXPL: 2CVE-2019-17525 – D-Link DIR-615 T1 20.10 - CAPTCHA Bypass
https://notcve.org/view.php?id=CVE-2019-17525
The login page on D-Link DIR-615 T1 20.10 devices allows remote attackers to bypass the CAPTCHA protection mechanism and conduct brute-force attacks. La página de inicio de sesión en los dispositivos D-Link DIR-615 versión T1 20.10, permite a atacantes remotos omitir el mecanismo de protección CAPTCHA y conducir ataques de fuerza bruta. D-Link DIR-615 T1 version 20.10 suffers from a CAPTCHA bypass vulnerability. • https://www.exploit-db.com/exploits/48551 https://github.com/huzaifahussain98/CVE-2019-17525 http://packetstormsecurity.com/files/157936/D-Link-DIR-615-T1-20.10-CAPTCHA-Bypass.html • CWE-307: Improper Restriction of Excessive Authentication Attempts •