7 results (0.018 seconds)

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1

D-Link DIR-890L FW1.10 A1 is vulnerable to Authentication bypass. • https://github.com/Zarathustra-L/IoT_Vul/tree/main/D-Link/DIR-890L/Auth%20bypass https://www.dlink.com/en/security-bulletin • CWE-287: Improper Authentication •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1

D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-On-Lan for the parameter 'descriptor' at SetVirtualServerSettings.php D-Link DIR-890L versión 1.20b01, permite a atacantes ejecutar código arbitrario debido a la opción Wake-On-Lan embebida para el parámetro "descriptor" en el archivo SetVirtualServerSettings.php • https://github.com/TyeYeah/DIR-890L-1.20-RCE https://www.dlink.com/en/security-bulletin • CWE-798: Use of Hard-coded Credentials •

CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1

The LAN-side Web-Configuration Interface has Stack-based Buffer Overflow vulnerability in the D-Link Wi-Fi router firmware DIR-890L DIR890LA1_FW107b09.bin and previous versions. The function created at 0x17958 of /htdocs/cgibin will call sprintf without checking the length of strings in parameters given by HTTP header and can be controlled by users easily. The attackers can exploit the vulnerability to carry out arbitrary code by means of sending a specially constructed payload to port 49152. La interfaz de configuración web del lado de la LAN presenta una vulnerabilidad de desbordamiento de búfer en la región Stack de la memoria en el firmware del router Wi-Fi D-Link DIR-890L versiones DIR890LA1_FW107b09.bin y anteriores. La función creada en 0x17958 de /htdocs/cgibin llama a sprintf sin comprobar la longitud de las cadenas en los parámetros dados por el encabezado HTTP y puede ser controlada por los usuarios fácilmente. • https://github.com/winmt/CVE/blob/main/DIR-890L/README.md https://github.com/winmt/my-vuls/tree/main/DIR-890L https://www.dlink.com/en/security-bulletin • CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 33EXPL: 0

D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php. Los routers D-Link DIR-859 versiones anteriores a la versión v1.07b03_beta, permiten una divulgación de información no autenticada por medio del valor AUTHORIZED_GROUP=1%0a, como es demostrado por el archivo vpnconfig.php. • https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03 https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146 https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-863: Incorrect Authorization •

CVSS: 10.0EPSS: 96%CPEs: 37EXPL: 3

The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network. La URL de /gena.cgi del endpoint UPnP en el router Wi-Fi D-Link DIR-859 versiones 1.05 y 1.06B01 Beta01, permite a un atacante remoto no autenticado ejecutar comandos del sistema como root, mediante el envío de una petición HTTP SUBSCRIBE especialmente diseñada en el servicio UPnP cuando se conecta a la red local. D-Link DIR-859 Routers are vulnerable to OS command injection via the UPnP interface. The vulnerability exists in /gena.cgi (function genacgi_main() in /htdocs/cgibin), which is accessible without credentials. D-Link DIR-859 router contains a command execution vulnerability in the UPnP endpoint URL, /gena.cgi. • https://github.com/Squirre17/CVE-2019-17621 http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104 https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9 https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146 https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147 https://www& • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •