CVE-2023-39674
https://notcve.org/view.php?id=CVE-2023-39674
D-Link DIR-880 A1_FW107WWb08 was discovered to contain a buffer overflow via the function fgets. Se descubrió que D-Link DIR-880 A1_FW107WWb08 contiene un desbordamiento de búfer a través de la función fgets. • https://github.com/Davidteeri/Bug-Report/blob/main/D-Link/DIR880%20buffe%20overflow.md https://support.dlink.com https://www.dlink.com/en/security-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2023-39671
https://notcve.org/view.php?id=CVE-2023-39671
D-Link DIR-880 A1_FW107WWb08 was discovered to contain a buffer overflow via the function FUN_0001be68. Se descubrió que D-Link DIR-880 A1_FW107WWb08 contiene un desbordamiento de búfer a través de la función FUN_0001be68. • https://github.com/Davidteeri/Bug-Report/blob/main/D-Link/DIR880%20buffer%20overflow.md https://support.dlink.com https://www.dlink.com/en/security-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2023-39669
https://notcve.org/view.php?id=CVE-2023-39669
D-Link DIR-880 A1_FW107WWb08 was discovered to contain a NULL pointer dereference in the function FUN_00010824. Se descubrió que D-Link DIR-880 A1_FW107WWb08 contiene una desreferencia de puntero NULL en la función FUN_00010824. • https://github.com/Davidteeri/Bug-Report/blob/main/D-Link/880%20unchecked%20return%20value.md https://support.dlink.com https://www.dlink.com/en/security-bulletin • CWE-476: NULL Pointer Dereference •
CVE-2020-29322
https://notcve.org/view.php?id=CVE-2020-29322
The D-Link router DIR-880L 1.07 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. El router D-Link DIR-880L versión 1.07, es vulnerable a una divulgación de credenciales en el servicio telnet mediante la descompilación del firmware, lo que permite a un atacante no autenticado conseguir acceso al firmware y extraer datos confidenciales • https://cybersecurityworks.com/zerodays/cve-2020-29322-telnet-hardcoded-credentials.html • CWE-522: Insufficiently Protected Credentials CWE-798: Use of Hard-coded Credentials •
CVE-2019-20213
https://notcve.org/view.php?id=CVE-2019-20213
D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php. Los routers D-Link DIR-859 versiones anteriores a la versión v1.07b03_beta, permiten una divulgación de información no autenticada por medio del valor AUTHORIZED_GROUP=1%0a, como es demostrado por el archivo vpnconfig.php. • https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03 https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146 https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-863: Incorrect Authorization •