Dlink

Dir-823g Firmware

52 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2020-25367

Exploit
  • EPSS 30.14%
  • Veröffentlicht 04.11.2021 10:15:07
  • Zuletzt bearbeitet 21.11.2024 05:17:54

A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the Captcha field to Login.

9

CVE-2019-15530

Exploit
  • EPSS 3.21%
  • Veröffentlicht 23.08.2019 17:15:13
  • Zuletzt bearbeitet 21.11.2024 04:28:56

An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the LoginPassword field to Login.

9

CVE-2019-15529

Exploit
  • EPSS 12.53%
  • Veröffentlicht 23.08.2019 17:15:13
  • Zuletzt bearbeitet 21.11.2024 04:28:56

An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Username field to Login.

9

CVE-2019-15528

Exploit
  • EPSS 3.21%
  • Veröffentlicht 23.08.2019 17:15:13
  • Zuletzt bearbeitet 21.11.2024 04:28:56

An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Interface field to SetStaticRouteSettings.

9

CVE-2019-15527

Exploit
  • EPSS 3.74%
  • Veröffentlicht 23.08.2019 17:15:13
  • Zuletzt bearbeitet 21.11.2024 04:28:56

An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the MaxIdTime field to SetWanSettings.

9

CVE-2019-15526

Exploit
  • EPSS 3.21%
  • Veröffentlicht 23.08.2019 17:15:13
  • Zuletzt bearbeitet 21.11.2024 04:28:56

An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings, a related issue to CVE-2019-13482.

9

CVE-2019-13128

Exploit
  • EPSS 12.09%
  • Veröffentlicht 01.07.2019 15:15:11
  • Zuletzt bearbeitet 21.11.2024 04:24:15

An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the IPAddress or Gateway field to SetStaticRouteSettings.

7.5

CVE-2019-8392

Exploit
  • EPSS 0.37%
  • Veröffentlicht 17.02.2019 04:29:00
  • Zuletzt bearbeitet 21.11.2024 04:49:49

An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to enable Guest Wi-Fi via the SetWLanRadioSettings HNAP API to the web service provided by /bin/goahead.

8.6

CVE-2019-7390

Exploit
  • EPSS 1.02%
  • Veröffentlicht 05.02.2019 00:29:00
  • Zuletzt bearbeitet 21.11.2024 04:48:07

An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to hijack the DNS service configuration of all clients in the WLAN, without authentication, via the ...

7.8

CVE-2019-7389

Exploit
  • EPSS 3.13%
  • Veröffentlicht 05.02.2019 00:29:00
  • Zuletzt bearbeitet 21.11.2024 04:48:07

An issue was discovered in /bin/goahead on D-Link DIR-823G devices with the firmware 1.02B03. There is incorrect access control allowing remote attackers to reset the router without authentication via the SetFactoryDefault HNAP API. Consequently, an ...