CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-43129
https://notcve.org/view.php?id=CVE-2023-43129
D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of REMOTE_PORT parameters. El router inalámbrico D-LINK DIR-806 1200M11AC DIR806A1_FW100CNb11 es vulnerable a la inyección de comandos debido al filtrado laxo de los parámetros REMOTE_PORT. • http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-806 https://github.com/mmmmmx1/dlink/blob/main/DIR-806/2/readme.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-43130
https://notcve.org/view.php?id=CVE-2023-43130
D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection. El router inalámbrico D-LINK DIR-806 1200M11AC DIR806A1_FW100CNb11 es vulnerable a la inyección de comandos. • http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-806 https://github.com/mmmmmx1/dlink/tree/main/DIR-806/3 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-43128
https://notcve.org/view.php?id=CVE-2023-43128
D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of HTTP_ST parameters. El router inalámbrico D-LINK DIR-806 1200M11AC DIR806A1_FW100CNb11 es vulnerable a la inyección de comandos debido al filtrado laxo de los parámetros HTTP_ST. • http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-806 https://github.com/mmmmmx1/dlink/blob/main/DIR-806/1/readme.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2019-10892
https://notcve.org/view.php?id=CVE-2019-10892
An issue was discovered in D-Link DIR-806 devices. There is a stack-based buffer overflow in function hnap_main at /htdocs/cgibin. The function will call sprintf without checking the length of strings in parameters given by HTTP header and can be controlled by users. And it finally leads to a stack-based buffer overflow via a special HTTP header. Se ha descubierto un problema en los dispositivos D-Link DIR-806. • https://github.com/Kirin-say/Vulnerabilities/blob/master/DIR-806_Stack_Overflow_to_Run_Shellcode.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2019-10891
https://notcve.org/view.php?id=CVE-2019-10891
An issue was discovered in D-Link DIR-806 devices. There is a command injection in function hnap_main, which calls system() without checking the parameter that can be controlled by user, and finally allows remote attackers to execute arbitrary shell commands with a special HTTP header. Se detectó un problema en los dispositivos D-Link DIR-806. Hay una inyección de comando en la función hnap_main, que llama al sistema () sin verificar el parámetro que puede ser controlado por el usuario, y finalmente permite a los atacantes remotos ejecutar comandos de shell arbitrarios con un encabezado HTTP especial. • https://github.com/Kirin-say/Vulnerabilities/blob/master/DIR-806_Code_Injection.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •