CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39962
https://notcve.org/view.php?id=CVE-2024-39962
19 Jul 2024 — D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21_D240126 was discovered to contain a remote code execution (RCE) vulnerability in the ntp_zone_val parameter at /goform/set_ntp. This vulnerability is exploited via a crafted HTTP request. Se descubrió que D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21_D240126 contiene una vulnerabilidad de ejecución remota de código (RCE) en el parámetro ntp_zone_val en /goform/set_ntp. Esta vulnerabilidad se explota mediante una solicitud HTTP manip... • https://gist.github.com/Swind1er/40c33f1b1549028677cb4e2e5ef69109 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2024-39202
https://notcve.org/view.php?id=CVE-2024-39202
08 Jul 2024 — D-Link DIR-823X firmware - 240126 was discovered to contain a remote command execution (RCE) vulnerability via the dhcpd_startip parameter at /goform/set_lan_settings. Se descubrió que el firmware D-Link DIR-823X - 240126 contiene una vulnerabilidad de ejecución remota de comandos (RCE) a través del parámetro dhcpd_startip en /goform/set_lan_settings. • https://gist.github.com/Swind1er/40c33f1b1549028677cb4e2e5ef69109 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •