CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 1CVE-2023-25280 – D-Link DIR-820 Router OS Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2023-25280
OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp. D-Link DIR-820 routers contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp. • https://github.com/migraine-sudo/D_Link_Vuln/tree/main/cmd%20Inject%20in%20pingV4Msg https://www.dlink.com/en/security-bulletin • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-25281
https://notcve.org/view.php?id=CVE-2023-25281
A stack overflow vulnerability exists in pingV4Msg component in D-Link DIR820LA1_FW105B03, allows attackers to cause a denial of service via the nextPage parameter to ping.ccp. • https://github.com/migraine-sudo/D_Link_Vuln/tree/main/stackoverflow%20cancelPing https://www.dlink.com/en/security-bulletin • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-34973
https://notcve.org/view.php?id=CVE-2022-34973
D-Link DIR820LA1_FW106B02 was discovered to contain a buffer overflow via the nextPage parameter at ping.ccp. Se ha detectado que D-Link DIR820LA1_FW106B02, contiene un desbordamiento de búfer por medio del parámetro nextPage en el archivo ping.ccp • https://github.com/1759134370/iot/blob/main/DIR-820L.md https://www.dlink.com/en/security-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-34974
https://notcve.org/view.php?id=CVE-2022-34974
D-Link DIR810LA1_FW102B22 was discovered to contain a command injection vulnerability via the Ping_addr function. Se ha detectado que D-Link DIR810LA1_FW102B22, contiene una vulnerabilidad de inyección de comandos por medio de la función Ping_addr • https://github.com/1759134370/iot/blob/main/DIR-810L.md https://www.dlink.com/en/security-bulletin • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •