CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

An issue in D-Link DIR-850L v.B1_FW223WWb01 allows a remote attacker to execute arbitrary code via a crafted script to the en parameter. • https://github.com/ef4tless/vuln/blob/master/iot/DIR-850L/bug1.md • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

An issue was discovered on D-Link DIR-850L 1.21WW devices. A partially completed WPA handshake is sufficient for obtaining full access to the wireless network. A client can access the network by sending packets on Data Frames to the AP without encryption. • http://us.dlink.com/security-advisories https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10097 https://www.synopsys.com/blogs/software-security/wpa2-encryption-bypass-defensics-fuzzing • CWE-287: Improper Authentication

CVSS: 6.1 • EPSS: 0% • CPEs: 2 • EXPL: 3

DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted site. DLINK DIR850 suffers from an open redirection vulnerability. • https://www.exploit-db.com/exploits/50907 http://packetstormsecurity.com/files/167041/DLINK-DIR850-Open-Redirection.html https://drive.google.com/file/d/1rrlwnIxSHEoO4SMAHRPKZSRzK5MwZQRf/view?usp=sharing https://www.dlink.com/en/security-bulletin • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 7.5 • EPSS: 1% • CPEs: 2 • EXPL: 3

DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download. DLINK DIR850 suffers from a configuration disclosure vulnerability. • https://www.exploit-db.com/exploits/50906 http://packetstormsecurity.com/files/167042/DLINK-DIR850-Insecure-Direct-Object-Reference.html https://drive.google.com/file/d/1S69wOovVa8NRVUXcB0PkVvZHFxREcD4Y/view?usp=sharing https://www.dlink.com/en/security-bulletin • CWE-425: Direct Request ('Forced Browsing')

CVSS: 10.0 • EPSS: 1% • CPEs: 4 • EXPL: 1

On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable. • https://github.com/dahua966/Routers-vuls/tree/master/DIR-859 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')