| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow via webGetVarString. |
| D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow. |
| D-Link DIR-882 1.10B02 and1.20B06 is vulnerable to Buffer Overflow via the websRedirect function. |
| D-Link DIR-878 1.02B05 is vulnerable to Incorrect Access Control. |
| D-Link DIR878 1.02B04 and 1.02B05 are vulnerable to Buffer Overflow. |
| DLINK - DSL-224 Post-auth RCE.
DLINK router version 3.0.8 has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API.
It is possible to inject a command through this interface that will run with ROOT permissions on the router.
|
|
D-Link – G integrated Access Device4 Information Disclosure & Authorization Bypass.
*Information Disclosure –
file contains a URL with private IP at line 15 "login.asp" A. The
window.location.href = http://192.168.1.1/setupWizard.asp" http://192.168.1.1/setupWizard.asp" ;
"admin" – contains default username value "login.asp" B. While accessing the web interface, the login form at
*Authorization Bypass –
URL by "setupWizard.asp' while it blocks direct access to – the web interface does not properly validate user identity variables values located at the client side, it is available to access it without a "login_glag" and "login_status" checking browser and to read the admin user credentials for the web interface.
|
| D-Link DIR823G 1.02B05 is vulnerable to Commad Injection. |
| A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /HNAP1 requests. Before the HNAP API function can process the request, the system function executes an untrusted command that triggers the vulnerability. |
| An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x417234 |
| An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the macaddr key value to the function 0x42232c |
| An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x41dda8 |
| D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function. |
| D-Link DIR-3040 device with firmware 120B03 was discovered to contain a command injection vulnerability via the SetTriggerLEDBlink function. |
| D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the SOAPACTION parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution. |
| D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Cookie parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution. |
| D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the User-Agent parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution. |
| D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 devices allows remote attackers to change the DNS or firewall configuration or any password. |
| D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. This enables an attacker to perform an unwanted action on a wireless router for which the user/admin is currently authenticated, as demonstrated by changing the Security option from WPA2 to None, or changing the hiddenSSID parameter, SSID parameter, or a security-option password. |
