CVE-2022-46475
https://notcve.org/view.php?id=CVE-2022-46475
D-Link DIR 645A1 1.06B01_Beta01 was discovered to contain a stack overflow via the service= variable in the genacgi_main function. • https://github.com/Insight8991/iot/blob/main/DIR-645%20genacgi%20Stack%20overflow.md • CWE-787: Out-of-bounds Write •
CVE-2021-43722
https://notcve.org/view.php?id=CVE-2021-43722
D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnap_main function in the cgibin handler uses sprintf to format the soapaction header onto the stack and has no limit on the size. D-Link DIR-645 versión 1.03 A1, es vulnerable a un desbordamiento de búfer. La función hnap_main en el manejador cgibin usa sprintf para formatear el encabezado soapaction en la pila y no presenta límite en el tamaño • https://github.com/luqiut/iot/blob/main/DIR-645%20Stack%20overflow.md https://www.dlink.com/en/security-bulletin • CWE-787: Out-of-bounds Write •
CVE-2020-25786
https://notcve.org/view.php?id=CVE-2020-25786
webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header El archivo webinc/js/info.php en dispositivos D-Link DIR-816L versión 2.06.B09_BETA y DIR-803 versión 1.04.B02, permite un ataque de tipo XSS por medio del encabezado HTTP Referer. NOTA: Esta vulnerabilidad solo afecta a los productos que ya no son compatibles con el mantenedor. NOTA: esto típicamente no es explotable debido a la codificación de URL (excepto en Internet Explorer) y porque una página web no puede especificar que un cliente debe realizar una petición HTTP adicional con un encabezado Referer arbitrario • https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-2052
https://notcve.org/view.php?id=CVE-2015-2052
Stack-based buffer overflow in the DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary code via a long string in a GetDeviceSettings action to the HNAP interface. Desbordamiento de buffer basado en pila en el router DIR-645 Wired/Wireless Rev. Ax con firmware 1.04b12 y anteriores permite a atacantes remotos ejecutar código arbitrario a través de una cadena larga en una acción GetDeviceSettings en la interfaz HNAP. • http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10051 http://www.securityfocus.com/bid/72623 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-2051 – D-Link DIR-645 Router Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-2051
The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface. El router D-Link DIR-645 Wired/Wireless Rev. Ax con firmware 1.04b12 y anteriores permite a atacantes remotos ejecutar comandos arbitrarios a través de una acción GetDeviceSettings en la interfaz HNAP. D-Link DIR-645 Wired/Wireless Router allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface. • https://www.exploit-db.com/exploits/37171 http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10051 http://www.securityfocus.com/bid/72623 http://www.securityfocus.com/bid/74870 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •