Filtered by vendor Dlink
Subscribe
Search
Total
161 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-9377 | 1 Dlink | 2 Dir-610, Dir-610 Firmware | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-610 devices allow Remote Command Execution via the cmd parameter to command.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2020-9376 | 1 Dlink | 2 Dir-610, Dir-610 Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-610 devices allow Information Disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 to getcfg.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2020-25757 | 1 Dlink | 20 Dsr-1000, Dsr-1000 Firmware, Dsr-1000ac and 17 more | 2021-07-21 | 8.3 HIGH | 8.8 HIGH |
| A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. This affects DSR-150, DSR-250, DSR-500, and DSR-1000AC with firmware 3.14 and 3.17. | |||||
| CVE-2020-25079 | 1 Dlink | 4 Dcs-2530l, Dcs-2530l Firmware, Dcs-2670l and 1 more | 2021-07-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddns_enc.cgi allows authenticated command injection. | |||||
| CVE-2020-26582 | 1 Dlink | 2 Dap-1360u, Dap-1360u Firmware | 2021-07-21 | 9.0 HIGH | 8.8 HIGH |
| D-Link DAP-1360U before 3.0.1 devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the IP JSON value for ping (aka res_config_action=3&res_config_id=18). | |||||
| CVE-2019-12787 | 1 Dlink | 2 Dir-818lw, Dir-818lw Firmware | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. There is a command injection in HNAP1 SetWanSettings via an XML injection of the value of the Gateway key. | |||||
| CVE-2020-25759 | 1 Dlink | 20 Dsr-1000, Dsr-1000 Firmware, Dsr-1000ac and 17 more | 2021-07-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to a lack of validation of inputs provided in multipart HTTP POST requests. | |||||
| CVE-2019-20213 | 1 Dlink | 28 Dir-818lx, Dir-818lx Firmware, Dir-822 and 25 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php. | |||||
| CVE-2021-34827 | 1 Dlink | 2 Dap-1330, Dap-1330 Firmware | 2021-07-20 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12029. | |||||
| CVE-2021-34828 | 1 Dlink | 2 Dap-1330, Dap-1330 Firmware | 2021-07-20 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12066. | |||||
| CVE-2021-34829 | 1 Dlink | 2 Dap-1330, Dap-1330 Firmware | 2021-07-20 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the HNAP_AUTH HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12065. | |||||
| CVE-2021-34830 | 1 Dlink | 2 Dap-1330, Dap-1330 Firmware | 2021-07-20 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Cookie HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12028. | |||||
| CVE-2021-34201 | 1 Dlink | 2 Dir-2640-us, Dir-2640-us Firmware | 2021-06-24 | 3.6 LOW | 7.1 HIGH |
| D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640). Local ordinary users can overwrite the global variables in the .bss section, causing the process crashes or changes. | |||||
| CVE-2021-34202 | 1 Dlink | 2 Dir-2640-us, Dir-2640-us Firmware | 2021-06-23 | 7.2 HIGH | 7.8 HIGH |
| There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640) 1.01B04. Ordinary permissions can be elevated to administrator permissions, resulting in local arbitrary code execution. An attacker can combine other vulnerabilities to further achieve the purpose of remote code execution. | |||||
| CVE-2020-29324 | 1 Dlink | 2 Dir-895l Mfc, Dir-895l Mfc Firmware | 2021-06-10 | 5.0 MEDIUM | 7.5 HIGH |
| The DLink Router DIR-895L MFC v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. | |||||
| CVE-2021-20696 | 1 Dlink | 2 Dap-1880ac, Dap-1880ac Firmware | 2021-05-03 | 9.0 HIGH | 8.8 HIGH |
| DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to execute arbitrary OS commands by sending a specially crafted request to a specific CGI program. | |||||
| CVE-2017-8411 | 1 Dlink | 2 Dcs-1130, Dcs-1130 Firmware | 2021-04-26 | 9.3 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the POST parameters passed in this request (to test if email credentials and hostname sent to the device work properly) result in being passed as commands to a "system" API in the function and thus result in command injection on the device. If the firmware version is dissected using binwalk tool, we obtain a cramfs-root archive which contains the filesystem set up on the device that contains all the binaries. The library "libmailutils.so" is the one that has the vulnerable function "sub_1FC4" that receives the values sent by the POST request. If we open this binary in IDA-pro we will notice that this follows an ARM little endian format. The function sub_1FC4 in IDA pro is identified to be receiving the values sent in the POST request and the value set in POST parameter "receiver1" is extracted in function "sub_15AC" which is then passed to the vulnerable system API call. The vulnerable library function is accessed in "cgibox" binary at address 0x00023BCC which calls the "Send_mail" function in "libmailutils.so" binary as shown below which results in the vulnerable POST parameter being passed to the library which results in the command injection issue. | |||||
| CVE-2017-8412 | 1 Dlink | 4 Dcs-1100, Dcs-1100 Firmware, Dcs-1130 and 1 more | 2021-04-26 | 5.8 MEDIUM | 8.8 HIGH |
| An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device has a custom binary called mp4ts under the /var/www/video folder. It seems that this binary dumps the HTTP VERB in the system logs. As a part of doing that it retrieves the HTTP VERB sent by the user and uses a vulnerable sprintf function at address 0x0000C3D4 in the function sub_C210 to copy the value into a string and then into a log file. Since there is no bounds check being performed on the environment variable at address 0x0000C360 this results in a stack overflow and overwrites the PC register allowing an attacker to execute buffer overflow or even a command injection attack. | |||||
| CVE-2017-8406 | 1 Dlink | 2 Dcs-1130, Dcs-1130 Firmware | 2021-04-26 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered on D-Link DCS-1130 devices. The device provides a crossdomain.xml file with no restrictions on who can access the webserver. This allows an hosted flash file on any domain to make calls to the device's webserver and pull any information that is stored on the device. In this case, user's credentials are stored in clear text on the device and can be pulled easily. It also seems that the device does not implement any cross-site scripting forgery protection mechanism which allows an attacker to trick a user who is logged in to the web management interface into executing a cross-site flashing attack on the user's browser and execute any action on the device provided by the web management interface which steals the credentials from tools_admin.cgi file's response and displays it inside a Textfield. | |||||
| CVE-2013-1602 | 1 Dlink | 34 Dcs-1100, Dcs-1100 Firmware, Dcs-1100l and 31 more | 2021-04-26 | 5.0 MEDIUM | 7.5 HIGH |
| An Information Disclosure vulnerability exists due to insufficient validation of authentication cookies for the RTSP session in D-Link DCS-5635 1.01, DCS-1100L 1.04, DCS-1130L 1.04, DCS-1100 1.03/1.04_US, DCS-1130 1.03/1.04_US , DCS-2102 1.05_RU/1.06/1.06_FR/1.05_TESCO, DCS-2121 1.05_RU/1.06/1.06_FR/1.05_TESCO, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.0, DCS-7410 1.0, DCS-7510 1.0, and WCS-1100 1.02, which could let a malicious user obtain unauthorized access to video streams. | |||||
| CVE-2017-8417 | 1 Dlink | 4 Dcs-1100, Dcs-1100 Firmware, Dcs-1130 and 1 more | 2021-04-26 | 3.3 LOW | 8.8 HIGH |
| An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device requires that a user logging into the device provide a username and password. However, the device allows D-Link apps on the mobile devices and desktop to communicate with the device without any authentication. As a part of that communication, the device uses custom version of base64 encoding to pass data back and forth between the apps and the device. However, the same form of communication can be initiated by any process including an attacker process on the mobile phone or the desktop and this allows a third party to retrieve the device's password without any authentication by sending just 1 UDP packet with custom base64 encoding. The severity of this attack is enlarged by the fact that there more than 100,000 D-Link devices out there. | |||||
| CVE-2017-8409 | 1 Dlink | 2 Dcs-1130, Dcs-1130 Firmware | 2021-04-23 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on D-Link DCS-1130 devices. The device requires that a user logging to the device to provide a username and password. However, the device does not enforce the same restriction on a specific URL thereby allowing any attacker in possession of that to view the live video feed. The severity of this attack is enlarged by the fact that there more than 100,000 D-Link devices out there. | |||||
| CVE-2017-8405 | 1 Dlink | 4 Dcs-1100, Dcs-1100 Firmware, Dcs-1130 and 1 more | 2021-04-23 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on D-Link DCS-1130 and DCS-1100 devices. The binary rtspd in /sbin folder of the device handles all the rtsp connections received by the device. It seems that the binary loads at address 0x00012CF4 a flag called "Authenticate" that indicates whether a user should be authenticated or not before allowing access to the video feed. By default, the value for this flag is zero and can be set/unset using the HTTP interface and network settings tab as shown below. The device requires that a user logging to the HTTP management interface of the device to provide a valid username and password. However, the device does not enforce the same restriction by default on RTSP URL due to the checkbox unchecked by default, thereby allowing any attacker in possession of external IP address of the camera to view the live video feed. The severity of this attack is enlarged by the fact that there more than 100,000 D-Link devices out there. | |||||
| CVE-2017-8407 | 1 Dlink | 2 Dcs-1130, Dcs-1130 Firmware | 2021-04-23 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of changing the administrative password for the web management interface. It seems that the device does not implement any cross-site request forgery protection mechanism which allows an attacker to trick a user who is logged in to the web management interface to change the user's password. | |||||
| CVE-2016-10186 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2021-04-23 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on the D-Link DWR-932B router. /var/miniupnpd.conf has no deny rules. | |||||
| CVE-2016-10179 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2021-04-23 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on the D-Link DWR-932B router. There is a hardcoded WPS PIN of 28296607. | |||||
| CVE-2017-8414 | 1 Dlink | 4 Dcs-1100, Dcs-1100 Firmware, Dcs-1130 and 1 more | 2021-04-23 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The binary orthrus in /sbin folder of the device handles all the UPnP connections received by the device. It seems that the binary performs a sprintf operation at address 0x0000A3E4 with the value in the command line parameter "-f" and stores it on the stack. Since there is no length check, this results in corrupting the registers for the function sub_A098 which results in memory corruption. | |||||
| CVE-2016-10180 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2021-04-23 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding. | |||||
| CVE-2016-10183 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2021-04-23 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on the D-Link DWR-932B router. qmiweb allows directory listing with ../ traversal. | |||||
| CVE-2016-10185 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2021-04-23 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on the D-Link DWR-932B router. A secure_mode=no line exists in /var/miniupnpd.conf. | |||||
| CVE-2016-10181 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2021-04-23 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on the D-Link DWR-932B router. qmiweb provides sensitive information for CfgType=get_homeCfg requests. | |||||
| CVE-2016-10184 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2021-04-23 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on the D-Link DWR-932B router. qmiweb allows file reading with ..%2f traversal. | |||||
| CVE-2020-25758 | 1 Dlink | 20 Dsr-1000, Dsr-1000 Firmware, Dsr-1000ac and 17 more | 2021-04-23 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries are executed as root. | |||||
| CVE-2019-6969 | 1 Dlink | 2 Dva-5592, Dva-5592 Firmware | 2021-04-23 | 5.0 MEDIUM | 7.5 HIGH |
| The web interface of the D-Link DVA-5592 20180823 is vulnerable to an authentication bypass that allows an unauthenticated user to have access to sensitive information such as the Wi-Fi password and the phone number (if VoIP is in use). | |||||
| CVE-2019-14332 | 1 Dlink | 4 6600-ap, 6600-ap Firmware, Dwl-3600ap and 1 more | 2021-04-23 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is use of weak ciphers for SSH such as diffie-hellman-group1-sha1. | |||||
| CVE-2020-8864 | 1 Dlink | 6 Dir-867, Dir-867 Firmware, Dir-878 and 3 more | 2021-04-23 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper handling of empty passwords. An attacker can leverage this vulnerability to execute arbitrary code on the router. Was ZDI-CAN-9471. | |||||
| CVE-2020-8863 | 1 Dlink | 6 Dir-867, Dir-867 Firmware, Dir-878 and 3 more | 2021-04-23 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper implementation of the authentication algorithm. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the router. Was ZDI-CAN-9470. | |||||
| CVE-2020-13150 | 1 Dlink | 2 Dsl-2750u, Dsl-2750u Firmware | 2021-04-23 | 4.6 MEDIUM | 7.8 HIGH |
| D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 seconds of access to the control panel, after a restart, before MAC address filtering rules become active. | |||||
| CVE-2020-24577 | 1 Dlink | 2 Dsl-2888a, Dsl-2888a Firmware | 2021-04-23 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. The One Touch application discloses sensitive information, such as the hashed admin login password and the Internet provider connection username and cleartext password, in the application's response body for a /tmp/var/passwd or /tmp/home/wan_stat URI. | |||||
| CVE-2020-27862 | 1 Dlink | 4 Dsl-2888a, Dsl-2888a Firmware, Dva-2800 and 1 more | 2021-04-23 | 5.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DVA-2800 and DSL-2888A routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dhttpd service, which listens on TCP port 8008 by default. When parsing the path parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-10911. | |||||
| CVE-2019-8319 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2021-04-23 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetStaticRouteIPv4Settings API function, as demonstrated by shell metacharacters in the Gateway field. | |||||
| CVE-2019-8318 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2021-04-23 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the twsystem function with untrusted input from the request body for the SetSysEmailSettings API function, as demonstrated by shell metacharacters in the SMTPServerPort field. | |||||
| CVE-2019-8317 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2021-04-23 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetStaticRouteIPv6Settings API function, as demonstrated by shell metacharacters in the DestNetwork field. | |||||
| CVE-2019-8316 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2021-04-23 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetWebFilterSettings API function, as demonstrated by shell metacharacters in the WebFilterURLs field. | |||||
| CVE-2019-8314 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2021-04-23 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetQoSSettings API function, as demonstrated by shell metacharacters in the IPAddress field. | |||||
| CVE-2019-8313 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2021-04-23 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the twsystem function with untrusted input from the request body for the SetIPv6FirewallSettings API function, as demonstrated by shell metacharacters in the SrcIPv6AddressRangeStart field. | |||||
| CVE-2019-8315 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2021-04-23 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the twsystem function with untrusted input from the request body for the SetIPv4FirewallSettings API function, as demonstrated by shell metacharacters in the SrcIPv4AddressRangeStart field. | |||||
| CVE-2019-8312 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2021-04-23 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the twsystem function with untrusted input from the request body for the SetSysLogSettings API function, as demonstrated by shell metacharacters in the IPAddress field. | |||||
| CVE-2019-13563 | 1 Dlink | 2 Dir-655, Dir-655 Firmware | 2021-04-23 | 6.8 MEDIUM | 8.8 HIGH |
| D-Link DIR-655 C devices before 3.02B05 BETA03 allow CSRF for the entire management console. | |||||
| CVE-2019-17353 | 1 Dlink | 2 Dir-615, Dir-615 Firmware | 2021-04-23 | 6.4 MEDIUM | 8.2 HIGH |
| An issue discovered on D-Link DIR-615 devices with firmware version 20.05 and 20.07. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page. | |||||