NotCVE - vendor:"Dlink" product:"Dir-822 Firmware" version:" <= 3.10b06"

10 results (0.009 seconds)

CVSS: 5.3EPSS: 21%CPEs: 88EXPL: 1

CVE-2024-0717 – D-Link Good Line Router v2 HTTP GET Request devinfo information disclosure

https://notcve.org/view.php?id=CVE-2024-0717

19 Jan 2024 — A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, D... • https://github.com/999zzzzz/D-Link • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 10.0EPSS: 10%CPEs: 2EXPL: 1

CVE-2023-51984

https://notcve.org/view.php?id=CVE-2023-51984

11 Jan 2024 — D-Link DIR-822+ V1.0.2 was found to contain a command injection in SetStaticRouteSettings function. allows remote attackers to execute arbitrary commands via shell. Se descubrió que D-Link DIR-822+ V1.0.2 contenía una inyección de comando en la función SetStaticRouteSettings. permite a atacantes remotos ejecutar comandos arbitrarios a través de shell. • https://github.com/funny-mud-peee/IoT-vuls/blob/main/dir822+/1/readme.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1

CVE-2023-51987

https://notcve.org/view.php?id=CVE-2023-51987

11 Jan 2024 — D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords. D-Link DIR-822+ V1.0.2 contiene una omisión de inicio de sesión en la interfaz HNAP1, que permite a los atacantes iniciar sesión en cuentas de administrador con contraseñas vacías. • https://github.com/funny-mud-peee/IoT-vuls/tree/main/dir822%2B/2 • CWE-306: Missing Authentication for Critical Function •

CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1

CVE-2023-51989

https://notcve.org/view.php?id=CVE-2023-51989

11 Jan 2024 — D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords. D-Link DIR-822+ V1.0.2 contiene una omisión de inicio de sesión en la interfaz HNAP1, que permite a los atacantes iniciar sesión en cuentas de administrador con contraseñas vacías. • https://github.com/funny-mud-peee/IoT-vuls/blob/main/dir822+/2/readme.md • CWE-306: Missing Authentication for Critical Function •

CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 1

CVE-2019-6258

https://notcve.org/view.php?id=CVE-2019-6258

18 Aug 2020 — D-Link DIR-822 Rev.Bx devices with firmware v.202KRb06 and older allow a buffer overflow via long MacAddress data in a /HNAP1/SetClientInfo HNAP protocol message, which is mishandled in /usr/sbin/udhcpd during reading of the /var/servd/LAN-1-udhcpd.conf file. Los dispositivos D-Link DIR-822 Rev.Bx con versión de firmware v.202KRb06 y anteriores, permiten un desbordamiento del búfer por medio de datos largos de MacAddress en un mensaje de protocolo HNAP /HNAP1/SetClientInfo, que es manejado inapropiadamente ... • https://github.com/pr0v3rbs/CVE/tree/master/CVE-2019-6258 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.5EPSS: 0%CPEs: 33EXPL: 0

CVE-2019-20213

https://notcve.org/view.php?id=CVE-2019-20213

02 Jan 2020 — D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php. Los routers D-Link DIR-859 versiones anteriores a la versión v1.07b03_beta, permiten una divulgación de información no autenticada por medio del valor AUTHORIZED_GROUP=1%0a, como es demostrado por el archivo vpnconfig.php. • https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-863: Incorrect Authorization •

CVSS: 10.0EPSS: 92%CPEs: 37EXPL: 4

CVE-2019-17621 – D-Link DIR-859 Router Command Execution Vulnerability

https://notcve.org/view.php?id=CVE-2019-17621

30 Dec 2019 — The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network. La URL de /gena.cgi del endpoint UPnP en el router Wi-Fi D-Link DIR-859 versiones 1.05 y 1.06B01 Beta01, permite a un atacante remoto no autenticado ejecutar comandos del sistema como root, mediante el envío de una petición HTTP SU... • https://packetstorm.news/files/id/156054 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0

CVE-2018-20675

https://notcve.org/view.php?id=CVE-2018-20675

09 Jan 2019 — D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authentication bypass. Los dispositivos D-Link que utilizan determinadas versiones (las DIR-822 C1 anteriores a la v3.11B01Beta, las DIR-822-US C1 anteriores a la v3.11B01Beta, las DIR-850L A* anteriores a la v1.21B08Beta, las DIR-850L B* anteriores a la v2.22B03Beta y las DIR-880L A* anteriores a la v1.20B02Beta) permit... • https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10101 • CWE-287: Improper Authentication •

CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0

CVE-2018-20674

https://notcve.org/view.php?id=CVE-2018-20674

09 Jan 2019 — D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authenticated remote command execution. Los dispositivos D-Link que utilizan determinadas versiones (las DIR-822 C1 anteriores a la v3.11B01Beta, las DIR-822-US C1 anteriores a la v3.11B01Beta, las DIR-850L A* anteriores a la v1.21B08Beta, las DIR-850L B* anteriores a la v2.22B03Beta y las DIR-880L A* anteriores a la v1.... • https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10101 •

CVSS: 9.8EPSS: 21%CPEs: 22EXPL: 0

CVE-2016-5681

https://notcve.org/view.php?id=CVE-2016-5681

25 Aug 2016 — Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.07 before 2.07WWB05, DIR-817 Ax, DIR-818LW Bx before 2.05b03beta03, DIR-822 C1 3.01 before 3.01WWb02, DIR-823 A1 1.00 before 1.00WWb05, DIR-895L A1 1.11 before 1.11WWb04, DIR-890L A1 1.09 before 1.09b14, DIR-885L A1 1.11 before 1.11WWb07, DIR-880L A1 1.07 before 1.07WWb08, DIR-868L B1 2.03 before 2.03WWb01, and DIR-868L C1 3.00 before 3.00WWb01 devices allows remote attackers to execute arbitrary code via a long session cookie. Desbordamie... • http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10063 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •