CVE-2023-36089
https://notcve.org/view.php?id=CVE-2023-36089
Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. • https://www.dlink.com/en/security-bulletin https://www.dlink.com/en/support • CWE-863: Incorrect Authorization •
CVE-2022-46475
https://notcve.org/view.php?id=CVE-2022-46475
D-Link DIR 645A1 1.06B01_Beta01 was discovered to contain a stack overflow via the service= variable in the genacgi_main function. • https://github.com/Insight8991/iot/blob/main/DIR-645%20genacgi%20Stack%20overflow.md • CWE-787: Out-of-bounds Write •
CVE-2022-32092
https://notcve.org/view.php?id=CVE-2022-32092
D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_explorer.sgi. Se ha detectado que D-Link DIR-645 versión v1.03, contiene una vulnerabilidad de inyección de comandos por medio del parámetro QUERY_STRING en el archivo __ajax_explorer.sgi • https://github.com/fxc233/iot-vul/tree/main/D-Link/DIR-645 https://www.dlink.com/en/security-bulletin • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2021-43722
https://notcve.org/view.php?id=CVE-2021-43722
D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnap_main function in the cgibin handler uses sprintf to format the soapaction header onto the stack and has no limit on the size. D-Link DIR-645 versión 1.03 A1, es vulnerable a un desbordamiento de búfer. La función hnap_main en el manejador cgibin usa sprintf para formatear el encabezado soapaction en la pila y no presenta límite en el tamaño • https://github.com/luqiut/iot/blob/main/DIR-645%20Stack%20overflow.md https://www.dlink.com/en/security-bulletin • CWE-787: Out-of-bounds Write •
CVE-2020-25786
https://notcve.org/view.php?id=CVE-2020-25786
webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header El archivo webinc/js/info.php en dispositivos D-Link DIR-816L versión 2.06.B09_BETA y DIR-803 versión 1.04.B02, permite un ataque de tipo XSS por medio del encabezado HTTP Referer. NOTA: Esta vulnerabilidad solo afecta a los productos que ya no son compatibles con el mantenedor. NOTA: esto típicamente no es explotable debido a la codificación de URL (excepto en Internet Explorer) y porque una página web no puede especificar que un cliente debe realizar una petición HTTP adicional con un encabezado Referer arbitrario • https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •