Vulnerabilities (CVE)

Filtered by vendor Dlink Subscribe
Filtered by product Dir-823g Firmware
Total 33 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-25368 1 Dlink 2 Dir-823g, Dir-823g Firmware 2024-02-04 7.5 HIGH 9.8 CRITICAL
A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the PrivateLogin field to Login.
CVE-2020-25367 1 Dlink 2 Dir-823g, Dir-823g Firmware 2024-02-04 7.5 HIGH 9.8 CRITICAL
A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the Captcha field to Login.
CVE-2019-13128 1 Dlink 2 Dir-823g, Dir-823g Firmware 2024-02-04 9.0 HIGH 8.8 HIGH
An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the IPAddress or Gateway field to SetStaticRouteSettings.
CVE-2019-15527 1 Dlink 2 Dir-823g, Dir-823g Firmware 2024-02-04 9.0 HIGH 8.8 HIGH
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the MaxIdTime field to SetWanSettings.
CVE-2019-15530 1 Dlink 2 Dir-823g, Dir-823g Firmware 2024-02-04 9.0 HIGH 8.8 HIGH
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the LoginPassword field to Login.
CVE-2019-15528 1 Dlink 2 Dir-823g, Dir-823g Firmware 2024-02-04 9.0 HIGH 8.8 HIGH
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Interface field to SetStaticRouteSettings.
CVE-2019-15529 1 Dlink 2 Dir-823g, Dir-823g Firmware 2024-02-04 9.0 HIGH 8.8 HIGH
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Username field to Login.
CVE-2019-15526 1 Dlink 2 Dir-823g, Dir-823g Firmware 2024-02-04 9.0 HIGH 8.8 HIGH
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings, a related issue to CVE-2019-13482.
CVE-2019-7390 1 Dlink 2 Dir-823g, Dir-823g Firmware 2024-02-04 5.0 MEDIUM 8.6 HIGH
An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to hijack the DNS service configuration of all clients in the WLAN, without authentication, via the SetWanSettings HNAP API.
CVE-2019-7389 1 Dlink 2 Dir-823g, Dir-823g Firmware 2024-02-04 7.8 HIGH 7.5 HIGH
An issue was discovered in /bin/goahead on D-Link DIR-823G devices with the firmware 1.02B03. There is incorrect access control allowing remote attackers to reset the router without authentication via the SetFactoryDefault HNAP API. Consequently, an attacker can achieve a denial-of-service attack without authentication.
CVE-2019-8392 1 Dlink 2 Dir-823g, Dir-823g Firmware 2024-02-04 5.0 MEDIUM 7.5 HIGH
An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to enable Guest Wi-Fi via the SetWLanRadioSettings HNAP API to the web service provided by /bin/goahead.
CVE-2019-7298 1 Dlink 2 Dir-823g, Dir-823g Firmware 2024-02-04 9.3 HIGH 8.1 HIGH
An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body, such as a body of ' /bin/telnetd' for the GetDeviceSettingsset API function. Consequently, an attacker can execute any command remotely when they control this input.
CVE-2019-7388 1 Dlink 2 Dir-823g, Dir-823g Firmware 2024-02-04 5.0 MEDIUM 7.5 HIGH
An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to get sensitive information (such as MAC address) about all clients in the WLAN via the GetClientInfo HNAP API. Consequently, an attacker can achieve information disclosure without authentication.