
CVSS: 6.1 • EPSS: 0% • CPEs: 13 • EXPL: 1

webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header.
• https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md
• https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection.
• https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174
• https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 1

D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information.
• https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174
• https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers
• CWE-312: Cleartext Storage of Sensitive Information

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 1

D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator.
• https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174
• https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers
• CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 1

D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength.
• https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174
• https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers
• CWE-326: Inadequate Encryption Strength