Filtered by vendor Dlink
Subscriptions
Total
903 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-32153 | 1 Dlink | 1 Dir-2640 Firmware | 2024-08-02 | N/A |
D-Link DIR-2640 EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the EmailFrom parameter provided to the HNAP1 endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19550. | ||||
CVE-2023-32143 | 1 Dlink | 1 Dap-1360 | 2024-08-02 | N/A |
D-Link DAP-1360 webupg UPGCGI_CheckAuth Numeric Truncation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webupg endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18423. | ||||
CVE-2023-32144 | 1 Dlink | 1 Dap-1360 Firmware | 2024-08-02 | N/A |
D-Link DAP-1360 webproc COMM_MakeCustomMsg Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18454. | ||||
CVE-2023-32140 | 1 Dlink | 1 Dap-1360 | 2024-08-02 | N/A |
D-Link DAP-1360 webproc var:sys_Token Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling requests to the /cgi-bin/webproc endpoint. When parsing the var:sys_Token parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18418. | ||||
CVE-2023-32147 | 1 Dlink | 1 Dir-2640 Firmware | 2024-08-02 | N/A |
D-Link DIR-2640 LocalIPAddress Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the LocalIPAddress parameter provided to the HNAP1 endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19544. | ||||
CVE-2023-32136 | 1 Dlink | 1 Dap-1360 Firmware | 2024-08-02 | N/A |
D-Link DAP-1360 webproc var:menu Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling requests to the /cgi-bin/webproc endpoint. When parsing the var:menu parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18414. | ||||
CVE-2023-32146 | 1 Dlink | 1 Dap-1360 | 2024-08-02 | N/A |
D-Link DAP-1360 Multiple Parameters Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /cgi-bin/webproc endpoint. When parsing the errorpage and nextpage parameters, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18746. | ||||
CVE-2023-31814 | 1 Dlink | 2 Dir-300, Dir-300 Firmware | 2024-08-02 | 9.8 Critical |
D-Link DIR-300 firmware <=REVA1.06 and <=REVB2.06 is vulnerable to File inclusion via /model/__lang_msg.php. | ||||
CVE-2023-30061 | 1 Dlink | 2 Dir-879, Dir-879 Firmware | 2024-08-02 | 7.5 High |
D-Link DIR-879 v105A1 is vulnerable to Authentication Bypass via phpcgi. | ||||
CVE-2023-30063 | 1 Dlink | 2 Dir-890l, Dir-890l Firmware | 2024-08-02 | 7.5 High |
D-Link DIR-890L FW1.10 A1 is vulnerable to Authentication bypass. | ||||
CVE-2023-29961 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2024-08-02 | 9.8 Critical |
D-Link DIR-605L firmware version 1.17B01 BETA is vulnerable to stack overflow via /goform/formTcpipSetup, | ||||
CVE-2023-29665 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-08-02 | 9.8 Critical |
D-Link DIR823G_V1.0.2B05 was discovered to contain a stack overflow via the NewPassword parameters in SetPasswdSettings. | ||||
CVE-2023-27720 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2024-08-02 | 9.8 Critical |
D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_48d630 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | ||||
CVE-2023-27718 | 1 Dlink | 2 Dir878, Dir878 Firmware | 2024-08-02 | 9.8 Critical |
D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_498308 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | ||||
CVE-2023-27719 | 1 Dlink | 2 Dir878, Dir878 Firmware | 2024-08-02 | 9.8 Critical |
D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_478360 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | ||||
CVE-2023-27216 | 1 Dlink | 2 Dsl-3782, Dsl-3782 Firmware | 2024-08-02 | 8.8 High |
An issue found in D-Link DSL-3782 v.1.03 allows remote authenticated users to execute arbitrary code as root via the network settings page. | ||||
CVE-2023-26925 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2024-08-02 | 7.5 High |
An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-882 1.30. A specially crafted network request can lead to the disclosure of sensitive information. | ||||
CVE-2023-26822 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2024-08-02 | 9.8 Critical |
D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at soapcgi.main. | ||||
CVE-2023-26616 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-08-02 | 9.8 Critical |
D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the URL field in SetParentsControlInfo. | ||||
CVE-2023-26612 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-08-02 | 9.8 Critical |
D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the HostName field in SetParentsControlInfo. |