Filtered by vendor Dlink
Subscriptions
Filtered by product Dir-823g
Subscriptions
Total
52 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-7297 | 2 D-link, Dlink | 2 Dir-823g Firmware, Dir-823g | 2024-11-21 | N/A |
An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via shell metacharacters in a crafted /HNAP1 request. This occurs when the GetNetworkTomographyResult function calls the system function with an untrusted input parameter named Address. Consequently, an attacker can execute any command remotely when they control this input. | ||||
CVE-2019-15530 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-11-21 | N/A |
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the LoginPassword field to Login. | ||||
CVE-2019-15529 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-11-21 | N/A |
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Username field to Login. | ||||
CVE-2019-15528 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-11-21 | N/A |
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Interface field to SetStaticRouteSettings. | ||||
CVE-2019-15527 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-11-21 | N/A |
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the MaxIdTime field to SetWanSettings. | ||||
CVE-2019-15526 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-11-21 | N/A |
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings, a related issue to CVE-2019-13482. | ||||
CVE-2019-13128 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-11-21 | N/A |
An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the IPAddress or Gateway field to SetStaticRouteSettings. | ||||
CVE-2018-17881 | 2 D-link, Dlink | 2 Dir-823g Firmware, Dir-823g | 2024-11-21 | N/A |
On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 SetPasswdSettings commands without authentication to trigger an admin password change. | ||||
CVE-2018-17880 | 2 D-link, Dlink | 2 Dir-823g Firmware, Dir-823g | 2024-11-21 | N/A |
On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 RunReboot commands without authentication to trigger a reboot. | ||||
CVE-2018-17787 | 2 D-link, Dlink | 2 Dir-823g Firmware, Dir-823g | 2024-11-21 | N/A |
On D-Link DIR-823G devices, the GoAhead configuration allows /HNAP1 Command Injection via shell metacharacters in the POST data, because this data is sent directly to the "system" library function. | ||||
CVE-2018-17786 | 2 D-link, Dlink | 2 Dir-823g Firmware, Dir-823g | 2024-11-21 | N/A |
On D-Link DIR-823G devices, ExportSettings.sh, upload_settings.cgi, GetDownLoadSyslog.sh, and upload_firmware.cgi do not require authentication, which allows remote attackers to execute arbitrary code. | ||||
CVE-2024-44408 | 2 D-link, Dlink | 3 Dir-823g, Dir-823g, Dir-823g Firmware | 2024-09-10 | 7.5 High |
D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to Information Disclosure. The device allows unauthorized configuration file downloads, and the downloaded configuration files contain plaintext user passwords. |