35 matches found
CVE-2023-53896
D-Link DAP-1325 firmware version 1.01 contains a broken access control vulnerability that allows unauthenticated attackers to download device configuration settings without authentication. Attackers can exploit the /cgi-bin/ExportSettings.sh endpoint to retrieve sensitive configuration informatio...
CVE-2023-53896
CVE-2023-53896 affects D-Link DAP-1325 firmware 1.01. The Red Hat/NVD/CVE entries describe a broken access control that allows unauthenticated retrieval of device configuration settings via /cgi-bin/ExportSettings.sh, enabling disclosure of sensitive configuration data. The issue is rooted in acc...
CVE-2023-53896 D-Link DAP-1325 Hardware A1 Unauthenticated Configuration Download
D-Link DAP-1325 firmware version 1.01 contains a broken access control vulnerability that allows unauthenticated attackers to download device configuration settings without authentication. Attackers can exploit the /cgi-bin/ExportSettings.sh endpoint to retrieve sensitive configuration informatio...
EUVD-2018-9729
Malware in sbrugna...
D-Link DAP-1325 - Broken Access Control
Exploit Title: D-Link DAP-1325 - Broken Access Control Date: 27-06-2023 Exploit Author: ieduardogoncalves Contact : twitter.com/0x00dia Vendor : www.dlink.com Version: Hardware version: A1 Firmware version: 1.01 Tested on:All Platforms 1 Description Security vulnerability known as "Unauthenticate...
PT-2025-51744
Name of the Vulnerable Software and Affected Versions D-Link DAP-1325 firmware version 1.01 Description The device has a flaw in access control that permits unauthenticated attackers to obtain device configuration settings without needing to authenticate. Attackers can access the...
CVE-2023-24098
TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formSysLog. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects products...
CVE-2023-24095
TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formSystemCheck. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects...
CVE-2023-24096
TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the newpass parameter at /formPasswordSetup. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects...
CVE-2022-47065
TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formNewSchedule. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects...
PT-2023-19400 · Trendnet · Trendnet Wireless Ac Easy-Upgrader Tew-820Ap
Name of the Vulnerable Software and Affected Versions: TrendNet Wireless AC Easy-Upgrader TEW-820AP version 1.0R, firmware version 1.01.B01 Description: A stack overflow issue was discovered via the submit-url parameter at the "/formPasswordAuth" API endpoint. This issue allows attackers to execu...
PT-2023-19399 · Trendnet · Trendnet Wireless Ac Easy-Upgrader Tew-820Ap
Name of the Vulnerable Software and Affected Versions: TrendNet Wireless AC Easy-Upgrader TEW-820AP version 1.0R, firmware version 1.01.B01 Description: The issue is related to a stack overflow via the newpass parameter at the "/formPasswordSetup" API endpoint. This allows attackers to execute...
CVE-2022-44373
A stack overflow vulnerability exists in TrendNet Wireless AC Easy-Upgrader TEW-820AP Version v1.0R, firmware version 1.01.B01 which may result in remote code execution...
TRENDnet TEW-820AP 缓冲区错误漏洞
The TRENDnet TEW-820AP is a router from Trendnet, Inc. A buffer error vulnerability exists in TRENDnet TEW-820AP v1.0R firmware version 1.01.B01, which originates from an attacker being able to achieve remote code execution via stack buffer overflow...
CVE-2022-35192
D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service DoS via the User parameter or Pwd parameter to Login.asp...
PT-2022-22623 · D Link · D-Link Wireless Ac1200 Dual Band Vdsl Adsl Modem Router Dsl-3782
Name of the Vulnerable Software and Affected Versions: D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware version 1.01 Description: The issue allows unauthenticated attackers to cause a Denial of Service DoS via the User parameter or Pwd parameter to "Login.asp"...
D-Link DSL-3782 Cross-Site Scripting Vulnerability
The D-Link DSL-3782 is a wireless router from AUO D-Link of Taiwan, China. A cross-site scripting vulnerability exists in the web interface of the D-Link DSL-3782 using firmware version 1.01, which stems from the lack of proper validation of client data by the WEB application. An attacker could...
CVE-2018-17990
An issue was discovered on D-Link DSL-3782 devices with firmware 1.01. An OS command injection vulnerability in Acl.asp allows a remote authenticated attacker to execute arbitrary OS commands via the ScrIPaddrEndTXT parameter...
CVE-2018-17990
An issue was discovered on D-Link DSL-3782 devices with firmware 1.01. An OS command injection vulnerability in Acl.asp allows a remote authenticated attacker to execute arbitrary OS commands via the ScrIPaddrEndTXT parameter...
Cross site scripting
A stored XSS vulnerability exists in the web interface on D-Link DSL-3782 devices with firmware 1.01 that allows authenticated attackers to inject a JavaScript or HTML payload inside the ACL page. The injected payload would be executed in a user's browser when "/cgi-bin/NewGUI/Acl.asp" is request...