25 results (0.029 seconds)

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 3

DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted site. DLink DIR850 versión ET850-1.08TRb03, está afectado por una vulnerabilidad de control de acceso incorrecto mediante un redireccionamiento de la URL a un sitio no confiable DLINK DIR850 suffers from an open redirection vulnerability. • https://www.exploit-db.com/exploits/50907 http://packetstormsecurity.com/files/167041/DLINK-DIR850-Open-Redirection.html https://drive.google.com/file/d/1rrlwnIxSHEoO4SMAHRPKZSRzK5MwZQRf/view?usp=sharing https://www.dlink.com/en/security-bulletin • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 3

DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download. DLink DIR850 versión ET850-1.08TRb03 está afectado por una vulnerabilidad de control de acceso incorrecto mediante una descarga de configuración remota no autenticada DLINK DIR850 suffers from a configuration disclosure vulnerability. • https://www.exploit-db.com/exploits/50906 http://packetstormsecurity.com/files/167042/DLINK-DIR850-Insecure-Direct-Object-Reference.html https://drive.google.com/file/d/1S69wOovVa8NRVUXcB0PkVvZHFxREcD4Y/view?usp=sharing https://www.dlink.com/en/security-bulletin • CWE-425: Direct Request ('Forced Browsing') •

CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 2

D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10). Los routers D-Link con la funcionalidad mydlink presentan algunas interfaces web sin requerimientos de autenticación. • https://github.com/xw77cve/CVE-2019-7642 https://github.com/xw77cve/CVE-2019-7642/blob/master/README.md • CWE-306: Missing Authentication for Critical Function •

CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0

D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authentication bypass. Los dispositivos D-Link que utilizan determinadas versiones (las DIR-822 C1 anteriores a la v3.11B01Beta, las DIR-822-US C1 anteriores a la v3.11B01Beta, las DIR-850L A* anteriores a la v1.21B08Beta, las DIR-850L B* anteriores a la v2.22B03Beta y las DIR-880L A* anteriores a la v1.20B02Beta) permiten la omisión de autenticación. • https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10101 • CWE-287: Improper Authentication •

CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0

D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authenticated remote command execution. Los dispositivos D-Link que utilizan determinadas versiones (las DIR-822 C1 anteriores a la v3.11B01Beta, las DIR-822-US C1 anteriores a la v3.11B01Beta, las DIR-850L A* anteriores a la v1.21B08Beta, las DIR-850L B* anteriores a la v2.22B03Beta y las DIR-880L A* anteriores a la v1.20B02Beta) permiten la ejecución de comando remotos. • https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10101 •