4 results (0.011 seconds)

CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0

D-Link (Non-US) DSL-2750U N300 ADSL2+ and (Non-US) DSL-2730U N150 ADSL2+ are vulnerable to Incorrect Access Control. The UART/Serial interface on the PCB, provides log output and a root terminal without proper access control. D-Link (Non-US) DSL-2750U N300 ADSL2+ y (Non-US) DSL-2730U N150 ADSL2+ son vulnerables a un control de acceso incorrecto. La interfaz UART/Serial en la PCB proporciona salida de registro y un terminal root sin control de acceso adecuado. • https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10357 https://www.dlink.com/en/products/dsl-2730u-wireless-n150-adsl2-router https://www.dlink.com/en/products/dsl-2750u-wireless-n-300-adsl2-modem-router • CWE-284: Improper Access Control •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1

D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices have the domain.name string in the DNS resolver search path by default, which allows remote attackers to provide valid DNS responses (and also offer Internet services such as HTTP) for names that otherwise would have had an NXDOMAIN error, by registering a subdomain of the domain.name domain name. Los dispositivos D-Link DSL 2730-U versiones IN_1.10 e IN_1.11 y DIR-600M versiones 3.04, poseen la cadena domain.name en la ruta de búsqueda de resolutor DNS por defecto, lo que permite a atacantes remotos proveer respuestas DNS válidas (y también ofrecer servicios de Internet tales como HTTP) para nombres que de otro modo habrían tenido un error NXDOMAIN, al registrar un subdominio del nombre de dominio domain.name • https://harigovind.org/articles/who-is-hijacking-my-nxdomains •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1

Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 devices allows remote attackers to change the DNS or firewall configuration or any password. Vulnerabilidad de CSRF en dispositivos D-Link DSL-2730U C1 IN_1.00 permite a atacantes remotos cambiar la configuración del DNS o firewall o cualquier contraseña. D-Link DSL-2730U Wireless N 150 suffers from cross site request forgery vulnerabilities. • https://www.exploit-db.com/exploits/41478 http://www.securityfocus.com/bid/96560 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0

The restricted telnet shell on the D-Link DSL2730U router allows remote authenticated users to bypass intended command restrictions via shell metacharacters that follow a whitelisted command. La shell restringida de telnet en el router D-Link DSL2730U permite a usuarios remotos autenticados eludir las restricciones de comandos previstas a través de metacaracteres de shell que siguen a un comando permitdo. • http://www.kb.cert.org/vuls/id/876780 • CWE-264: Permissions, Privileges, and Access Controls •