CVSS: 10.0EPSS: 9%CPEs: 2EXPL: 0CVE-2024-48629
https://notcve.org/view.php?id=CVE-2024-48629
17 Oct 2024 — D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the IPAddress parameter in the SetGuestZoneRouterSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. • https://github.com/pjqwudi1/my_vuln/blob/main/D-link4/vuln_34/34.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 9%CPEs: 2EXPL: 0CVE-2024-48630
https://notcve.org/view.php?id=CVE-2024-48630
17 Oct 2024 — D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the MacAddress parameter in the SetMACFilters2 function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. • https://github.com/pjqwudi1/my_vuln/blob/main/D-link4/vuln_41/41.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 9%CPEs: 2EXPL: 0CVE-2024-48631
https://notcve.org/view.php?id=CVE-2024-48631
17 Oct 2024 — D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the SSID parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. • https://github.com/pjqwudi1/my_vuln/blob/main/D-link4/vuln_32/32.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.7EPSS: 9%CPEs: 2EXPL: 0CVE-2024-48632
https://notcve.org/view.php?id=CVE-2024-48632
17 Oct 2024 — D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the LocalIPAddress, TCPPorts, and UDPPorts parameters in the SetPortForwardingSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. • https://github.com/pjqwudi1/my_vuln/blob/main/D-link4/vuln_39/39.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.7EPSS: 9%CPEs: 2EXPL: 0CVE-2024-48633
https://notcve.org/view.php?id=CVE-2024-48633
17 Oct 2024 — D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the ExternalPort, InternalPort, ProtocolNumber, and LocalIPAddress parameters in the SetVirtualServerSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. • https://github.com/pjqwudi1/my_vuln/blob/main/D-link4/vuln_40/40.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 9%CPEs: 2EXPL: 0CVE-2024-48634
https://notcve.org/view.php?id=CVE-2024-48634
17 Oct 2024 — D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the key parameter in the SetWLanRadioSecurity function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. • https://github.com/pjqwudi1/my_vuln/blob/main/D-link4/vuln_33/33.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 9%CPEs: 2EXPL: 0CVE-2024-48635
https://notcve.org/view.php?id=CVE-2024-48635
17 Oct 2024 — D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:2/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. • https://github.com/pjqwudi1/my_vuln/tree/main/D-link4/vuln_38 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 9%CPEs: 2EXPL: 0CVE-2024-48636
https://notcve.org/view.php?id=CVE-2024-48636
17 Oct 2024 — D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:0/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. • https://github.com/pjqwudi1/my_vuln/blob/main/D-link4/vuln_36/36.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 9%CPEs: 2EXPL: 0CVE-2024-48637
https://notcve.org/view.php?id=CVE-2024-48637
17 Oct 2024 — D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:1/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. • https://github.com/pjqwudi1/my_vuln/blob/main/D-link4/vuln_37/37.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 9%CPEs: 2EXPL: 0CVE-2024-48638
https://notcve.org/view.php?id=CVE-2024-48638
17 Oct 2024 — D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the SubnetMask parameter in the SetGuestZoneRouterSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. • https://github.com/pjqwudi1/my_vuln/blob/main/D-link4/vuln_35/35.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •