CVE-2024-0717 – D-Link Good Line Router v2 HTTP GET Request devinfo information disclosure
https://notcve.org/view.php?id=CVE-2024-0717
A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/999zzzzz/D-Link https://vuldb.com/?ctiid.251542 https://vuldb.com/?id.251542 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-19300
https://notcve.org/view.php?id=CVE-2018-19300
On D-Link DAP-1530 (A1) before firmware version 1.06b01, DAP-1610 (A1) before firmware version 1.06b01, DWR-111 (A1) before firmware version 1.02v02, DWR-116 (A1) before firmware version 1.06b03, DWR-512 (B1) before firmware version 2.02b01, DWR-711 (A1) through firmware version 1.11, DWR-712 (B1) before firmware version 2.04b01, DWR-921 (A1) before firmware version 1.02b01, and DWR-921 (B1) before firmware version 2.03b01, there exists an EXCU_SHELL file in the web directory. By sending a GET request with specially crafted headers to the /EXCU_SHELL URI, an attacker could execute arbitrary shell commands in the root context on the affected device. Other devices might be affected as well. En D-Link DAP-1530 (A1) anterior a la versión de firmware 1.06b01, DAP-1610 (A1) anterior a la versión de firmware 1.06b01, DWR-111 (A1) anterior a la versión de firmware 1.02v02, DWR-116 (A1) anterior a la versión de firmware 1.06b03, DWR-512 (B1) anterior a la versión de firmware 2.02b01, DWR-711 (A1) hasta la versión de firmware 1.11, DWR-712 (B1) anterior a la versión de firmware 2.04b01, DWR-921 (A1) anterior a la versión de firmware 1.02b01, y DWR-921 (B1) anterior a la versión de firmware 2.03b01, existe un archivo EXCU_SHELL en el directorio web. Al enviar una petición GET con cabeceras especialmente diseñadas a la URI /EXCU_SHELL, un atacante podría ejecutar comandos shell arbitrarios en el contexto raíz del dispositivo afectado. • https://community.greenbone.net/t/cve-2018-19300-remote-command-execution-vulnerability-in-d-link-dwr-and-dap-routers/1772 https://eu.dlink.com/de/de/support/support-news/2019/march/19/remote-command-execution-vulnerability-in-d-link-dwr-and-dap-routers https://www.greenbone.net/en/serious-vulnerability-discovered-in-d-link-routers https://www.greenbone.net/schwerwiegende-sicherheitsluecke-in-d-link-routern-entdeckt • CWE-20: Improper Input Validation •
CVE-2018-18008 – D-Link DSL-2770L / DIR-140L / DIR-640L Credential Disclosure
https://notcve.org/view.php?id=CVE-2018-18008
spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials. spaces.htm en múltiples dispositivos D-Link (DSL, DIR, DWR) permite que atacantes remotos no autenticados descubran las credenciales de administrador. D-Link DSL-2770L, DIR-140L, DIR-640L, DWR-116, DWR-512, DWR-555, and DWR-921 all suffer from an administrative credential disclosure vulnerability. • http://seclists.org/fulldisclosure/2018/Dec/45 http://www.securityfocus.com/bid/106344 • CWE-798: Use of Hard-coded Credentials •
CVE-2018-10823 – D-Link Routers - Command Injection
https://notcve.org/view.php?id=CVE-2018-10823
An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. An authenticated attacker may execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals. Se ha descubierto un problema en dispositivos D-Link DWR-116 hasta la versión 1.06, DWR-512 hasta la versión 2.02, DWR-712 hasta la versión 2.02, DWR-912 hasta la versión 2.02, DWR-921 hasta la versión 2.02 y DWR-111 hasta la versión 1.01. Un atacante autenticado podría ejecutar código arbitrario inyectando el comando shell en el parámetro Sip de la página chkisg.htm. • https://www.exploit-db.com/exploits/45676 http://sploit.tech/2018/10/12/D-Link.html https://seclists.org/fulldisclosure/2018/Oct/36 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2018-10824 – D-Link Routers - Plaintext Password
https://notcve.org/view.php?id=CVE-2018-10824
An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. The administrative password is stored in plaintext in the /tmp/csman/0 file. An attacker having a directory traversal (or LFI) can easily get full router access. Se ha descubierto un problema en dispositivos D-Link DWR-116 hasta la versión 1.06, DIR-140L hasta la versión 1.02, DWR-512 hasta la versión 2.02, DWR-712 hasta la versión 2.02, DWR-912 hasta la versión 2.02, DWR-921 hasta la versión 2.02 y DWR-111 hasta la versión 1.01. La contraseña administrativa se almacena en texto plano en el archivo /tmp/csman/0. • https://www.exploit-db.com/exploits/45677 http://sploit.tech/2018/10/12/D-Link.html https://seclists.org/fulldisclosure/2018/Oct/36 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-522: Insufficiently Protected Credentials •