CVE-2017-14948
https://notcve.org/view.php?id=CVE-2017-14948
Certain D-Link products are affected by: Buffer Overflow. This affects DIR-880L 1.08B04 and DIR-895 L/R 1.13b03. The impact is: execute arbitrary code (remote). The component is: htdocs/fileaccess.cgi. The attack vector is: A crafted HTTP request handled by fileacces.cgi could allow an attacker to mount a ROP attack: if the HTTP header field CONTENT_TYPE starts with ''boundary=' followed by more than 256 characters, a buffer overflow would be triggered, potentially causing code execution. • https://github.com/badnack/d_link_880_bug/blob/master/README.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2019-16190
https://notcve.org/view.php?id=CVE-2019-16190
SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L REVA through 1.20, and DIR-895L REVA through 1.21 devices allows Authentication Bypass, as demonstrated by a direct request to folder_view.php or category_view.php. SharePort Web Access sobre dispositivos D-Link DIR-868L REVB versiones hasta 2.03, DIR-885L REVA versiones hasta 1.20, y DIR-895L REVA versiones hasta 1.21, permite la omisión de autenticación, como es demostrado por una petición directa al archivo folder_view.php o category_view.php. • https://cyberloginit.com/2019/09/10/dlink-shareport-web-access-authentication-bypass.html • CWE-287: Improper Authentication •