CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-44959
https://notcve.org/view.php?id=CVE-2023-44959
An issue found in D-Link DSL-3782 v.1.03 and before allows remote authenticated users to execute arbitrary code as root via the Router IP Address fields of the network settings page. Un problema encontrado en D-Link DSL-3782 v.1.03 y anteriores permite a usuarios remotos autenticados ejecutar código arbitrario como root a través de los campos de Dirección IP del Router de la página de configuración de red. • https://github.com/FzBacon/CVE-2023-27216_D-Link_DSL-3782_Router_command_injection/blob/master/CVE-2023-27216_D-Link_DSL-3782_Router_command_injection.md#cve-2023-27216_d-link_dsl-3782_router_command_injection • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-27216
https://notcve.org/view.php?id=CVE-2023-27216
An issue found in D-Link DSL-3782 v.1.03 allows remote authenticated users to execute arbitrary code as root via the network settings page. • https://github.com/HoangREALER/CVE-2023-27216 http://d-link.com https://lessonsec.com/cve/cve-2023-27216 https://www.dlink.com/en/security-bulletin • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-34528
https://notcve.org/view.php?id=CVE-2022-34528
D-Link DSL-3782 v1.03 and below was discovered to contain a stack overflow via the function getAttrValue. Se ha detectado que D-Link DSL-3782 versiones v1.03 y anteriores, contienen un desbordamiento de pila por medio de la función getAttrValue • https://github.com/1160300418/Vuls/blob/main/D-Link/DSL-3782/BOF_in_D-Link%20DSL-3782.md https://www.dlink.com/en/security-bulletin • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-34527
https://notcve.org/view.php?id=CVE-2022-34527
D-Link DSL-3782 v1.03 and below was discovered to contain a command injection vulnerability via the function byte_4C0160. Se ha detectado que D-Link DSL-3782 versiones v1.03 y anteriores, contienen una vulnerabilidad de inyección de comandos por medio de la función byte_4C0160 • https://github.com/1160300418/Vuls/blob/main/D-Link/DSL-3782/CMDi_in_D-Link%20DSL-3782.md https://www.dlink.com/en/security-bulletin • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-40284
https://notcve.org/view.php?id=CVE-2021-40284
D-Link DSL-3782 EU v1.01:EU v1.03 is affected by a buffer overflow which can cause a denial of service. This vulnerability exists in the web interface "/cgi-bin/New_GUI/Igmp.asp". Authenticated remote attackers can trigger this vulnerability by sending a long string in parameter 'igmpsnoopEnable' via an HTTP request. D-Link DSL-3782 versiones EU v1.01:EU v1.03, está afectado por un desbordamiento de búfer que puede causar una denegación de servicio. Esta vulnerabilidad se presenta en la interfaz web "/cgi-bin/New_GUI/Igmp.asp". • https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10245 https://www.dlink.com/en/security-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •