Dlink

Dir-823g Firmware

52 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2020-25367

Exploit
  • EPSS 30.14%
  • Published 04.11.2021 10:15:07
  • Last modified 21.11.2024 05:17:54

A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the Captcha field to Login.

9

CVE-2019-15530

Exploit
  • EPSS 3.21%
  • Published 23.08.2019 17:15:13
  • Last modified 21.11.2024 04:28:56

An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the LoginPassword field to Login.

9

CVE-2019-15529

Exploit
  • EPSS 12.53%
  • Published 23.08.2019 17:15:13
  • Last modified 21.11.2024 04:28:56

An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Username field to Login.

9

CVE-2019-15528

Exploit
  • EPSS 3.21%
  • Published 23.08.2019 17:15:13
  • Last modified 21.11.2024 04:28:56

An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Interface field to SetStaticRouteSettings.

9

CVE-2019-15527

Exploit
  • EPSS 3.74%
  • Published 23.08.2019 17:15:13
  • Last modified 21.11.2024 04:28:56

An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the MaxIdTime field to SetWanSettings.

9

CVE-2019-15526

Exploit
  • EPSS 3.21%
  • Published 23.08.2019 17:15:13
  • Last modified 21.11.2024 04:28:56

An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings, a related issue to CVE-2019-13482.

9

CVE-2019-13128

Exploit
  • EPSS 12.09%
  • Published 01.07.2019 15:15:11
  • Last modified 21.11.2024 04:24:15

An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the IPAddress or Gateway field to SetStaticRouteSettings.

7.5

CVE-2019-8392

Exploit
  • EPSS 0.37%
  • Published 17.02.2019 04:29:00
  • Last modified 21.11.2024 04:49:49

An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to enable Guest Wi-Fi via the SetWLanRadioSettings HNAP API to the web service provided by /bin/goahead.

8.6

CVE-2019-7390

Exploit
  • EPSS 1.02%
  • Published 05.02.2019 00:29:00
  • Last modified 21.11.2024 04:48:07

An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to hijack the DNS service configuration of all clients in the WLAN, without authentication, via the ...

7.8

CVE-2019-7389

Exploit
  • EPSS 3.13%
  • Published 05.02.2019 00:29:00
  • Last modified 21.11.2024 04:48:07

An issue was discovered in /bin/goahead on D-Link DIR-823G devices with the firmware 1.02B03. There is incorrect access control allowing remote attackers to reset the router without authentication via the SetFactoryDefault HNAP API. Consequently, an ...