CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-49004
https://notcve.org/view.php?id=CVE-2023-49004
An issue in D-Link DIR-850L v.B1_FW223WWb01 allows a remote attacker to execute arbitrary code via a crafted script to the en parameter. Un problema en D-Link DIR-850L v.B1_FW223WWb01 permite a un atacante remoto ejecutar código arbitrario a través de un script manipualdo para el parámetro en. • https://github.com/ef4tless/vuln/blob/master/iot/DIR-850L/bug1.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 3CVE-2021-46379 – DLINK DIR850 - Open Redirect
https://notcve.org/view.php?id=CVE-2021-46379
DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted site. DLink DIR850 versión ET850-1.08TRb03, está afectado por una vulnerabilidad de control de acceso incorrecto mediante un redireccionamiento de la URL a un sitio no confiable DLINK DIR850 suffers from an open redirection vulnerability. • https://www.exploit-db.com/exploits/50907 http://packetstormsecurity.com/files/167041/DLINK-DIR850-Open-Redirection.html https://drive.google.com/file/d/1rrlwnIxSHEoO4SMAHRPKZSRzK5MwZQRf/view?usp=sharing https://www.dlink.com/en/security-bulletin • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 3CVE-2021-46378 – DLINK DIR850 - Insecure Access Control
https://notcve.org/view.php?id=CVE-2021-46378
DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download. DLink DIR850 versión ET850-1.08TRb03 está afectado por una vulnerabilidad de control de acceso incorrecto mediante una descarga de configuración remota no autenticada DLINK DIR850 suffers from a configuration disclosure vulnerability. • https://www.exploit-db.com/exploits/50906 http://packetstormsecurity.com/files/167042/DLINK-DIR850-Insecure-Direct-Object-Reference.html https://drive.google.com/file/d/1S69wOovVa8NRVUXcB0PkVvZHFxREcD4Y/view?usp=sharing https://www.dlink.com/en/security-bulletin • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 1CVE-2019-17508
https://notcve.org/view.php?id=CVE-2019-17508
On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable. En los dispositivos D-Link DIR-859 versión A3-1.06 y DIR-850 versión A1.13, el archivo /etc/services/DEVICE.TIME.php permiten la inyección de comandos por medio de la variable $SERVER. • https://github.com/dahua966/Routers-vuls/tree/master/DIR-859 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 2CVE-2019-7642
https://notcve.org/view.php?id=CVE-2019-7642
D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10). Los routers D-Link con la funcionalidad mydlink presentan algunas interfaces web sin requerimientos de autenticación. • https://github.com/xw77cve/CVE-2019-7642 https://github.com/xw77cve/CVE-2019-7642/blob/master/README.md • CWE-306: Missing Authentication for Critical Function •