CVSS: 5.3EPSS: 0%CPEs: 88EXPL: 1CVE-2024-0717 – D-Link Good Line Router v2 HTTP GET Request devinfo information disclosure
https://notcve.org/view.php?id=CVE-2024-0717
A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/999zzzzz/D-Link https://vuldb.com/?ctiid.251542 https://vuldb.com/?id.251542 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-44801
https://notcve.org/view.php?id=CVE-2022-44801
D-Link DIR-878 1.02B05 is vulnerable to Incorrect Access Control. D-Link DIR-878 1.02B05 es vulnerable a un control de acceso incorrecto. • https://github.com/RobinWang825/IoT_vuln/tree/main/D-Link/DIR-878/3 https://www.dlink.com/en/security-bulletin •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-44202
https://notcve.org/view.php?id=CVE-2022-44202
D-Link DIR878 1.02B04 and 1.02B05 are vulnerable to Buffer Overflow. D-Link DIR878 1.02B04 y 1.02B05 son vulnerables al desbordamiento del búfer. • https://github.com/RobinWang825/IoT_vuln/blob/main/D-Link/DIR-878/1/readme.md https://www.dlink.com/en/security-bulletin • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-41140 – D-Link Multiple Routers lighttpd Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-41140
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple D-Link routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the lighttpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. • https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10291 https://www.zerodayinitiative.com/advisories/ZDI-22-1290 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-26670 – D-Link DIR-878 - Command Injection
https://notcve.org/view.php?id=CVE-2022-26670
D-Link DIR-878 has inadequate filtering for special characters in the webpage input field. An unauthenticated LAN attacker can perform command injection attack to execute arbitrary system commands to control the system or disrupt service. D-Link DIR-878, presenta un filtro inapropiado para caracteres especiales en el campo de entrada de la página web. Un atacante LAN no autenticado puede llevar a cabo un ataque de inyección de comandos para ejecutar comandos arbitrarios del sistema para controlar el sistema o interrumpir el servicio • https://www.twcert.org.tw/tw/cp-132-5972-c259e-1.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •