Total
27 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-26613 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-02-04 | N/A | 9.8 CRITICAL |
| An OS command injection vulnerability in D-Link DIR-823G firmware version 1.02B05 allows unauthorized attackers to execute arbitrary operating system commands via a crafted GET request to EXCU_SHELL. | |||||
| CVE-2023-26616 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-02-04 | N/A | 9.8 CRITICAL |
| D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the URL field in SetParentsControlInfo. | |||||
| CVE-2023-29665 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-02-04 | N/A | 9.8 CRITICAL |
| D-Link DIR823G_V1.0.2B05 was discovered to contain a stack overflow via the NewPassword parameters in SetPasswdSettings. | |||||
| CVE-2023-26615 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-02-04 | N/A | 7.5 HIGH |
| D-Link DIR-823G firmware version 1.02B05 has a password reset vulnerability, which originates from the SetMultipleActions API, allowing unauthorized attackers to reset the WEB page management password. | |||||
| CVE-2023-26612 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-02-04 | N/A | 9.8 CRITICAL |
| D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the HostName field in SetParentsControlInfo. | |||||
| CVE-2022-44808 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-02-04 | N/A | 9.8 CRITICAL |
| A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /HNAP1 requests. Before the HNAP API function can process the request, the system function executes an untrusted command that triggers the vulnerability. | |||||
| CVE-2022-44201 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-02-04 | N/A | 9.8 CRITICAL |
| D-Link DIR823G 1.02B05 is vulnerable to Commad Injection. | |||||
| CVE-2022-43109 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-02-04 | N/A | 9.8 CRITICAL |
| D-Link DIR-823G v1.0.2 was found to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via a crafted packet. | |||||
| CVE-2021-43474 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An Access Control vulnerability exists in D-Link DIR-823G REVA1 1.02B05 (Lastest) via any parameter in the HNAP1 function | |||||
| CVE-2020-25368 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the PrivateLogin field to Login. | |||||
| CVE-2020-25367 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the Captcha field to Login. | |||||
| CVE-2019-13128 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the IPAddress or Gateway field to SetStaticRouteSettings. | |||||
| CVE-2019-15527 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the MaxIdTime field to SetWanSettings. | |||||
| CVE-2019-15530 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the LoginPassword field to Login. | |||||
| CVE-2019-15528 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Interface field to SetStaticRouteSettings. | |||||
| CVE-2019-15529 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Username field to Login. | |||||
| CVE-2019-15526 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings, a related issue to CVE-2019-13482. | |||||
| CVE-2019-7390 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-02-04 | 5.0 MEDIUM | 8.6 HIGH |
| An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to hijack the DNS service configuration of all clients in the WLAN, without authentication, via the SetWanSettings HNAP API. | |||||
| CVE-2018-17786 | 2 D-link, Dlink | 2 Dir-823g Firmware, Dir-823g | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| On D-Link DIR-823G devices, ExportSettings.sh, upload_settings.cgi, GetDownLoadSyslog.sh, and upload_firmware.cgi do not require authentication, which allows remote attackers to execute arbitrary code. | |||||
| CVE-2019-7297 | 2 D-link, Dlink | 2 Dir-823g Firmware, Dir-823g | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via shell metacharacters in a crafted /HNAP1 request. This occurs when the GetNetworkTomographyResult function calls the system function with an untrusted input parameter named Address. Consequently, an attacker can execute any command remotely when they control this input. | |||||