Dlink Security Vulnerabilities
A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /HNAP1 requests. Before the HNAP API function can process the request, the system function executes ...
9.8CVSS
9.9AI Score
0.003EPSS
D-Link DIR-3040 device with firmware 120B03 was discovered to contain a command injection vulnerability via the SetTriggerLEDBlink function.
9.8CVSS
9.8AI Score
0.002EPSS
D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function.
9.8CVSS
9.7AI Score
0.018EPSS
D-Link DIR-869 DIR869Ax_FW102B15 is vulnerable to Authentication Bypass via phpcgi.
7.5CVSS
7.5AI Score
0.002EPSS
D-Link DIR 645A1 1.06B01_Beta01 was discovered to contain a stack overflow via the service= variable in the genacgi_main function.
9.8CVSS
9.6AI Score
0.002EPSS
D-Link DIR-859 A1 1.05 was discovered to contain a command injection vulnerability via the service= variable in the soapcgi_main function.
9.8CVSS
9.8AI Score
0.016EPSS
D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST request.
8.8CVSS
8.7AI Score
0.082EPSS
D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetWan2Settings module.
7.2CVSS
7.7AI Score
0.003EPSS
D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetWanSettings module.
7.2CVSS
7.7AI Score
0.003EPSS
D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the PSK parameter in the SetQuickVPNSettings module.
7.2CVSS
7.3AI Score
0.002EPSS
D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetDynamicDNSSettings module.
7.2CVSS
7.7AI Score
0.002EPSS
D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetQuickVPNSettings module.
7.2CVSS
7.7AI Score
0.002EPSS
D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the AccountPassword parameter in the SetSysEmailSettings module.
7.2CVSS
7.7AI Score
0.002EPSS
D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Key parameter in the SetWLanRadioSecurity module.
7.2CVSS
7.3AI Score
0.002EPSS
D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetWan3Settings module.
7.2CVSS
7.7AI Score
0.003EPSS
D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the lan(0)_dhcps_staticlist parameter in the SetIpMacBindSettings function.
9.9CVSS
9.8AI Score
0.001EPSS
D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the auto_upgrade_hour parameter in the SetAutoUpgradeInfo function.
9.9CVSS
9.8AI Score
0.001EPSS
Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedded and below allows attacker to execute arbitrary code via the GetConfig method to the /CPE endpoint.
9.8CVSS
9.7AI Score
0.003EPSS
D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /setnetworksettings/IPAddress. This vulnerability allows attackers to escalate privileges to root via a crafted payload.
9.8CVSS
9.7AI Score
0.002EPSS
D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /SetNetworkSettings/SubnetMask. This vulnerability allows attackers to escalate privileges to root via a crafted payload.
9.8CVSS
9.7AI Score
0.002EPSS
A command injection vulnerability in the firmware_update command, in the device's restricted telnet interface, allows an authenticated attacker to execute arbitrary commands as root.
7.8CVSS
7.9AI Score
0.005EPSS
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSchedule.
8.8CVSS
8.9AI Score
0.001EPSS
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formWlanGuestSetup.
8.8CVSS
8.9AI Score
0.001EPSS
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetWanDhcpplus.
8.8CVSS
8.9AI Score
0.001EPSS
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the wan_connected parameter at /goform/formEasySetupWizard3.
8.8CVSS
8.9AI Score
0.001EPSS
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formSetWanDhcpplus.
8.8CVSS
8.9AI Score
0.001EPSS
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetACLFilter.
9.8CVSS
9.7AI Score
0.002EPSS
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetRoute.
9.8CVSS
9.7AI Score
0.002EPSS
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the config.smtp_email_subject parameter at /goform/formSetEmail.
9.8CVSS
9.7AI Score
0.002EPSS
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the FILECODE parameter at /goform/formLogin.
9.8CVSS
9.7AI Score
0.002EPSS
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formWPS.
9.8CVSS
9.7AI Score
0.002EPSS
OS Command injection vulnerability in D-Link DIR-867 DIR_867_FW1.30B07 allows attackers to execute arbitrary commands via a crafted LocalIPAddress parameter for the SetVirtualServerSettings to HNAP1.
9.8CVSS
9.7AI Score
0.002EPSS
D-Link DIR882 DIR882A1_FW110B02 was discovered to contain a stack overflow in the sub_48AC20 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
9.8CVSS
9.7AI Score
0.002EPSS
D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_475FB0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
9.8CVSS
9.7AI Score
0.002EPSS
D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_48AF78 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
9.8CVSS
9.7AI Score
0.002EPSS
D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_495220 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
9.8CVSS
9.7AI Score
0.002EPSS
OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload.
9.8CVSS
9.5AI Score
0.002EPSS
OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp.
9.8CVSS
9.4AI Score
0.002EPSS
A stack overflow vulnerability exists in pingV4Msg component in D-Link DIR820LA1_FW105B03, allows attackers to cause a denial of service via the nextPage parameter to ping.ccp.
7.5CVSS
7.4AI Score
0.001EPSS
A heap overflow vulnerability in D-Link DIR820LA1_FW106B02 allows attackers to cause a denial of service via the config.log_to_syslog and log_opt_dropPackets parameters to mydlink_api.ccp.
6.5CVSS
6.4AI Score
0.001EPSS
A stack overflow vulnerability in D-Link DIR820LA1_FW106B02 allows attackers to cause a denial of service via the reserveDHCP_HostName_1.1.1.0 parameter to lan.asp.
7.5CVSS
7.4AI Score
0.001EPSS
D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the HostName field in SetParentsControlInfo.
9.8CVSS
9.7AI Score
0.001EPSS
An OS command injection vulnerability in D-Link DIR-823G firmware version 1.02B05 allows unauthorized attackers to execute arbitrary operating system commands via a crafted GET request to EXCU_SHELL.
9.8CVSS
9.7AI Score
0.001EPSS
D-Link DIR-823G firmware version 1.02B05 has a password reset vulnerability, which originates from the SetMultipleActions API, allowing unauthorized attackers to reset the WEB page management password.
7.5CVSS
8AI Score
0.001EPSS
D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the URL field in SetParentsControlInfo.
9.8CVSS
9.7AI Score
0.001EPSS
D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at soapcgi.main.
9.8CVSS
9.7AI Score
0.007EPSS
An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-882 1.30. A specially crafted network request can lead to the disclosure of sensitive information.
7.5CVSS
7.1AI Score
0.005EPSS
An issue found in D-Link DSL-3782 v.1.03 allows remote authenticated users to execute arbitrary code as root via the network settings page.
8.8CVSS
8.6AI Score
0.009EPSS
D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_498308 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
9.8CVSS
9.7AI Score
0.002EPSS
D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_478360 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
9.8CVSS
9.7AI Score
0.002EPSS