CVSS: 7.5EPSS: 0%CPEs: 33EXPL: 0CVE-2019-20213
https://notcve.org/view.php?id=CVE-2019-20213
02 Jan 2020 — D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php. Los routers D-Link DIR-859 versiones anteriores a la versión v1.07b03_beta, permiten una divulgación de información no autenticada por medio del valor AUTHORIZED_GROUP=1%0a, como es demostrado por el archivo vpnconfig.php. • https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-863: Incorrect Authorization •
CVSS: 10.0EPSS: 92%CPEs: 37EXPL: 4CVE-2019-17621 – D-Link DIR-859 Router Command Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-17621
30 Dec 2019 — The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network. La URL de /gena.cgi del endpoint UPnP en el router Wi-Fi D-Link DIR-859 versiones 1.05 y 1.06B01 Beta01, permite a un atacante remoto no autenticado ejecutar comandos del sistema como root, mediante el envío de una petición HTTP SU... • https://packetstorm.news/files/id/156054 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 4%CPEs: 12EXPL: 2CVE-2017-14948
https://notcve.org/view.php?id=CVE-2017-14948
14 Oct 2019 — Certain D-Link products are affected by: Buffer Overflow. This affects DIR-880L 1.08B04 and DIR-895 L/R 1.13b03. The impact is: execute arbitrary code (remote). The component is: htdocs/fileaccess.cgi. The attack vector is: A crafted HTTP request handled by fileacces.cgi could allow an attacker to mount a ROP attack: if the HTTP header field CONTENT_TYPE starts with ''boundary=' followed by more than 256 characters, a buffer overflow would be triggered, potentially causing code execution. • https://github.com/badnack/d_link_880_bug • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0CVE-2018-20675
https://notcve.org/view.php?id=CVE-2018-20675
09 Jan 2019 — D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authentication bypass. Los dispositivos D-Link que utilizan determinadas versiones (las DIR-822 C1 anteriores a la v3.11B01Beta, las DIR-822-US C1 anteriores a la v3.11B01Beta, las DIR-850L A* anteriores a la v1.21B08Beta, las DIR-850L B* anteriores a la v2.22B03Beta y las DIR-880L A* anteriores a la v1.20B02Beta) permit... • https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10101 • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0CVE-2018-20674
https://notcve.org/view.php?id=CVE-2018-20674
09 Jan 2019 — D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authenticated remote command execution. Los dispositivos D-Link que utilizan determinadas versiones (las DIR-822 C1 anteriores a la v3.11B01Beta, las DIR-822-US C1 anteriores a la v3.11B01Beta, las DIR-850L A* anteriores a la v1.21B08Beta, las DIR-850L B* anteriores a la v2.22B03Beta y las DIR-880L A* anteriores a la v1.... • https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10101 •
CVSS: 10.0EPSS: 94%CPEs: 8EXPL: 1CVE-2018-6530 – D-Link Multiple Routers OS Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2018-6530
06 Mar 2018 — OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter. Vulnerabilidad de inyección de comandos del sistema operativo en soap.cgi (soapcgi_main en cgibin) en D... • ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •