49 matches found
The vulnerability of the pcap_download_handler() function in D-Link DWL-6610AP wireless access points allows a intruder to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the pcapdownloadhandler function in D-Link DWL-6610AP wireless access points is related to the failure to take measures to neutralize special elements used in the operating system’s processing of the updatedevice.packet-capture.tftp-file-name parameter. Exploiting this...
CVE-2023-43202
D-LINK DWL-6610 FWv4.3.0.8B003C was discovered to contain a command injection vulnerability in the function pcapdownloadhandler. This vulnerability allows attackers to execute arbitrary commands via the update.device.packet-capture.tftp-file-name parameter...
CVE-2023-43202
D-LINK DWL-6610 FWv4.3.0.8B003C was discovered to contain a command injection vulnerability in the function pcapdownloadhandler. This vulnerability allows attackers to execute arbitrary commands via the update.device.packet-capture.tftp-file-name parameter...
Command injection
D-LINK DWL-6610 FWv4.3.0.8B003C was discovered to contain a command injection vulnerability in the function pcapdownloadhandler. This vulnerability allows attackers to execute arbitrary commands via the update.device.packet-capture.tftp-file-name parameter...
CVE-2023-4171
A vulnerability classified as problematic was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This vulnerability affects unknown code of the file \Service\FileDownload.ashx. The manipulation of the argument Files leads to path traversal: '../filedir'. The attack can be...
PT-2023-5382 · D Link · D-Link Dwl-6610Ap
Name of the Vulnerable Software and Affected Versions: D-LINK DWL-6610AP version FW v 4.3.0.8B003C Description: A command injection issue was found in the pcap download handler function, allowing attackers to execute arbitrary commands via the update.device.packet-capture.tftp-file-name parameter...
PT-2023-5383 · D Link · D-Link Dwl-6610Ap
Name of the Vulnerable Software and Affected Versions: D-LINK DWL-6610AP version 4.3.0.8B003C Description: A command injection issue was discovered in the web cert download handler function, allowing attackers to execute arbitrary commands via the certDownload parameter. This could potentially...
VulnCheck KEV: CVE-2021-28149
Hongdian H8922 3.0.5 devices allow Directory Traversal. The /logdownload.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ e.g., ../../etc/passwd This can be carried out with a web...
CVE-2021-28149
CVE-2021-28149 (Hongdian H8922 3.0.5) is a local file inclusion vulnerability in the device’s /log_download.cgi log export handler. The issue arises because user input is not validated, allowing a remote attacker with minimal privileges to download arbitrary files from the device by substituting ...