CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

19 Dec 2023 — An issue in D-Link DIR-850L v.B1_FW223WWb01 allows a remote attacker to execute arbitrary code via a crafted script to the en parameter. • https://github.com/ef4tless/vuln/blob/master/iot/DIR-850L/bug1.md • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

16 Jun 2022 — An issue was discovered on D-Link DIR-850L 1.21WW devices. A partially completed WPA handshake is sufficient for obtaining full access to the wireless network. A client can access the network by sending packets on Data Frames to the AP without encryption. • http://us.dlink.com/security-advisories • CWE-287: Improper Authentication

CVSS: 6.1 • EPSS: 1% • CPEs: 2 • EXPL: 4

04 Mar 2022 — DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted site. DLINK DIR850 suffers from an open redirection vulnerability. • https://packetstorm.news/files/id/167041 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 7.5 • EPSS: 2% • CPEs: 2 • EXPL: 4

04 Mar 2022 — DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download. DLINK DIR850 suffers from a configuration disclosure vulnerability. • https://packetstorm.news/files/id/167042 • CWE-425: Direct Request ('Forced Browsing')

CVSS: 10.0 • EPSS: 20% • CPEs: 4 • EXPL: 1

11 Oct 2019 — On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable. • https://github.com/dahua966/Routers-vuls/tree/master/DIR-859 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 7.5 • EPSS: 0% • CPEs: 10 • EXPL: 2

25 Mar 2019 — D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10). • https://github.com/xw77cve/CVE-2019-7642 • CWE-306: Missing Authentication for Critical Function

CVSS: 8.8 • EPSS: 0% • CPEs: 12 • EXPL: 0

09 Jan 2019 — D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authenticated remote command execution. • https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10101

CVSS: 9.8 • EPSS: 0% • CPEs: 12 • EXPL: 0

09 Jan 2019 — D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authentication bypass. • https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10101 • CWE-287: Improper Authentication

CVSS: 9.8 • EPSS: 79% • CPEs: 3 • EXPL: 1

27 Mar 2018 — An authentication bypass vulnerability on D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router (Hardware Version: A1, B1; Firmware Version: 1.02-2.06) devices potentially allows attackers to bypass SharePort Web Access Portal by directly visiting /category_view.php or /folder_view.php. • https://www.exploit-db.com/exploits/44378 • CWE-287: Improper Authentication

CVSS: 8.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

15 Dec 2017 — Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service. • http://www.securityfocus.com/bid/96747 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-121: Stack-based Buffer Overflow