CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33343
https://notcve.org/view.php?id=CVE-2024-33343
26 Apr 2024 — D-Link DIR-822+ V1.0.5 was found to contain a command injection in ChgSambaUserSettings function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell. Se descubrió que D-Link DIR-822+ V1.0.5 contenía una inyección de comando en la función ChgSambaUserSettings de prog.cgi, que permite a atacantes remotos ejecutar comandos arbitrarios a través del shell. • http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-822%2B • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25331
https://notcve.org/view.php?id=CVE-2024-25331
12 Mar 2024 — DIR-822 Rev. B Firmware v2.02KRB09 and DIR-822-CA Rev. B Firmware v2.03WWb01 suffer from a LAN-Side Unauthenticated Remote Code Execution (RCE) vulnerability elevated from HNAP Stack-Based Buffer Overflow. El firmware DIR-822 Rev. B v2.02KRB09 y el firmware DIR-822-CA Rev. • https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10372 • CWE-121: Stack-based Buffer Overflow •
CVSS: 5.3EPSS: 21%CPEs: 88EXPL: 1CVE-2024-0717 – D-Link Good Line Router v2 HTTP GET Request devinfo information disclosure
https://notcve.org/view.php?id=CVE-2024-0717
19 Jan 2024 — A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, D... • https://github.com/999zzzzz/D-Link • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 10%CPEs: 2EXPL: 1CVE-2023-51984
https://notcve.org/view.php?id=CVE-2023-51984
11 Jan 2024 — D-Link DIR-822+ V1.0.2 was found to contain a command injection in SetStaticRouteSettings function. allows remote attackers to execute arbitrary commands via shell. Se descubrió que D-Link DIR-822+ V1.0.2 contenía una inyección de comando en la función SetStaticRouteSettings. permite a atacantes remotos ejecutar comandos arbitrarios a través de shell. • https://github.com/funny-mud-peee/IoT-vuls/blob/main/dir822+/1/readme.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-51987
https://notcve.org/view.php?id=CVE-2023-51987
11 Jan 2024 — D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords. D-Link DIR-822+ V1.0.2 contiene una omisión de inicio de sesión en la interfaz HNAP1, que permite a los atacantes iniciar sesión en cuentas de administrador con contraseñas vacías. • https://github.com/funny-mud-peee/IoT-vuls/tree/main/dir822%2B/2 • CWE-306: Missing Authentication for Critical Function •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-51989
https://notcve.org/view.php?id=CVE-2023-51989
11 Jan 2024 — D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords. D-Link DIR-822+ V1.0.2 contiene una omisión de inicio de sesión en la interfaz HNAP1, que permite a los atacantes iniciar sesión en cuentas de administrador con contraseñas vacías. • https://github.com/funny-mud-peee/IoT-vuls/blob/main/dir822+/2/readme.md • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 1CVE-2019-6258
https://notcve.org/view.php?id=CVE-2019-6258
18 Aug 2020 — D-Link DIR-822 Rev.Bx devices with firmware v.202KRb06 and older allow a buffer overflow via long MacAddress data in a /HNAP1/SetClientInfo HNAP protocol message, which is mishandled in /usr/sbin/udhcpd during reading of the /var/servd/LAN-1-udhcpd.conf file. Los dispositivos D-Link DIR-822 Rev.Bx con versión de firmware v.202KRb06 y anteriores, permiten un desbordamiento del búfer por medio de datos largos de MacAddress en un mensaje de protocolo HNAP /HNAP1/SetClientInfo, que es manejado inapropiadamente ... • https://github.com/pr0v3rbs/CVE/tree/master/CVE-2019-6258 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 33EXPL: 0CVE-2019-20213
https://notcve.org/view.php?id=CVE-2019-20213
02 Jan 2020 — D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php. Los routers D-Link DIR-859 versiones anteriores a la versión v1.07b03_beta, permiten una divulgación de información no autenticada por medio del valor AUTHORIZED_GROUP=1%0a, como es demostrado por el archivo vpnconfig.php. • https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-863: Incorrect Authorization •
CVSS: 10.0EPSS: 92%CPEs: 37EXPL: 4CVE-2019-17621 – D-Link DIR-859 Router Command Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-17621
30 Dec 2019 — The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network. La URL de /gena.cgi del endpoint UPnP en el router Wi-Fi D-Link DIR-859 versiones 1.05 y 1.06B01 Beta01, permite a un atacante remoto no autenticado ejecutar comandos del sistema como root, mediante el envío de una petición HTTP SU... • https://packetstorm.news/files/id/156054 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 10%CPEs: 2EXPL: 1CVE-2018-19990
https://notcve.org/view.php?id=CVE-2018-19990
13 May 2019 — In the /HNAP1/SetWiFiVerifyAlpha message, the WPSPIN parameter is vulnerable, and the vulnerability affects D-Link DIR-822 B1 202KRb06 devices. In the SetWiFiVerifyAlpha.php source code, the WPSPIN parameter is saved in the $rphyinf1."/media/wps/enrollee/pin" and $rphyinf2."/media/wps/enrollee/pin" and $rphyinf3."/media/wps/enrollee/pin" internal configuration memory without any regex checking. • https://github.com/pr0v3rbs/CVE/tree/master/CVE-2018-19986%20-%2019990 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •