CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-25282
https://notcve.org/view.php?id=CVE-2023-25282
A heap overflow vulnerability in D-Link DIR820LA1_FW106B02 allows attackers to cause a denial of service via the config.log_to_syslog and log_opt_dropPackets parameters to mydlink_api.ccp. • https://github.com/migraine-sudo/D_Link_Vuln/tree/main/Permanent%20DDOS%20vulnerability%20in%20emailInfo https://www.dlink.com/en/security-bulletin • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-25283
https://notcve.org/view.php?id=CVE-2023-25283
A stack overflow vulnerability in D-Link DIR820LA1_FW106B02 allows attackers to cause a denial of service via the reserveDHCP_HostName_1.1.1.0 parameter to lan.asp. • https://github.com/migraine-sudo/D_Link_Vuln/tree/main/stackoverflow%20%20in%20reserveDHCP_HostName_1.1.1.0 https://www.dlink.com/en/security-bulletin • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 94%CPEs: 36EXPL: 2CVE-2015-1187 – D-Link and TRENDnet Multiple Devices Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-1187
The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp. La herramienta de ping en múltiples dispositivos D-Link y TRENDnet permite que los atacantes remotos ejecuten código arbitrario mediante el parámetro ping_addr a ping.ccp. D-Link DIR636L suffers from a remote command injection vulnerability. The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to perform remote code execution. • https://www.exploit-db.com/exploits/41677 http://packetstormsecurity.com/files/130607/D-Link-DIR636L-Remote-Command-Injection.html http://packetstormsecurity.com/files/131465/D-Link-TRENDnet-NCC-Service-Command-Injection.html http://seclists.org/fulldisclosure/2015/Mar/15 http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10052 http://www.securityfocus.com/bid/72848 https://github.com/darkarnium/secpub/tree/master/Multivendor/ncc2 https://seclists.org/fulldisclosure/2015/Mar/15 • CWE-287: Improper Authentication •