CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-19320
https://notcve.org/view.php?id=CVE-2020-19320
Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the curTime parameter on login. Vulnerabilidad de desbordamiento de búfer en DLINK 619L versión B 2.06beta a través del parámetro curTime al iniciar sesión. • https://github.com/hhhhu8045759/dlink-619l-buffer_overflow https://www.dlink.com/en/security-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-19323
https://notcve.org/view.php?id=CVE-2020-19323
An issue was discovered in /bin/mini_upnpd on D-Link DIR-619L 2.06beta devices. There is a heap buffer overflow allowing remote attackers to restart router via the M-search request ST parameter. No authentication required Se descubrió un problema en /bin/mini_upnpd en dispositivos D-Link DIR-619L 2.06beta. Hay un desbordamiento del búfer que permite a atacantes remotos reiniciar el router a través del parámetro ST de solicitud de búsqueda M. No se requiere autenticación • https://github.com/hhhhu8045759/619L_upnpd_heapoverflow https://www.dlink.com/en/security-bulletin • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-19319
https://notcve.org/view.php?id=CVE-2020-19319
Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the FILECODE parameter on login. Vulnerabilidad de desbordamiento de búfer en DLINK 619L versión B 2.06beta a través del parámetro FILECODE al iniciar sesión. • https://github.com/hhhhu8045759/dir_619l-buffer-overflow • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 96%CPEs: 62EXPL: 1CVE-2014-8361 – Realtek SDK Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2014-8361
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023. El servicio miniigd SOAP en Realtek SDK permite a atacantes remotos ejecutar código arbitrario a través de una solicitud NewInternalClient manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Realtek SDK. Authentication is not required to exploit this vulnerability. The specific flaw exists within the miniigd SOAP service. The issue lies in the handling of the NewInternalClient requests due to a failure to sanitize user data before executing a system call. • https://www.exploit-db.com/exploits/37169 http://jvn.jp/en/jp/JVN47580234/index.html http://jvn.jp/en/jp/JVN67456944/index.html http://packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.html http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055 http://www.securityfocus.com/bid/74330 http://www.zerodayinitiative.com/advisories/ZDI-15-155 https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos https://web.archive.org/web/20150909230440/ •