CVE-2024-0921 – D-Link DIR-816 A2 Web Interface setDeviceSettings os command injection
https://notcve.org/view.php?id=CVE-2024-0921
A vulnerability has been found in D-Link DIR-816 A2 1.10CNB04 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/setDeviceSettings of the component Web Interface. The manipulation of the argument statuscheckpppoeuser leads to OS command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/xiyuanhuaigu/cve/blob/main/rce.md https://vuldb.com/?ctiid.252139 https://vuldb.com/?id.252139 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-0717 – D-Link Good Line Router v2 HTTP GET Request devinfo information disclosure
https://notcve.org/view.php?id=CVE-2024-0717
A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/999zzzzz/D-Link https://vuldb.com/?ctiid.251542 https://vuldb.com/?id.251542 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-37123
https://notcve.org/view.php?id=CVE-2022-37123
D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to command injection via /goform/form2userconfig.cgi. • https://github.com/z1r00/IOT_Vul/blob/main/dlink/Dir816/form2userconfig_cgi/readme.md https://www.dlink.com/en/security-bulletin • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-36619
https://notcve.org/view.php?id=CVE-2022-36619
In D-Link DIR-816 A2_v1.10CNB04.img, the network can be reset without authentication via /goform/setMAC. • https://github.com/z1r00/IOT_Vul/blob/main/dlink/Dir816/setmac/readme.md https://www.dlink.com/en/security-bulletin • CWE-306: Missing Authentication for Critical Function
CVE-2022-37129
https://notcve.org/view.php?id=CVE-2022-37129
D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to command injection via /goform/SystemCommand. The user-supplied command parameter is spliced into byte_4836B0 by snprintf, and doSystem(&byte_4836B0); is then executed, resulting in command injection. • https://github.com/z1r00/IOT_Vul/blob/main/dlink/Dir816/SystemCommand/readme.md https://www.dlink.com/en/security-bulletin • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')