CVE-2023-34277

D-Link DIR-2150 SetSysEmailSettings AccountName Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this...

CVE-2023-34278

D-Link DIR-2150 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this...

CVE-2023-34277

D-Link DIR-2150 SetSysEmailSettings AccountName Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this...

CVE-2023-34278

D-Link DIR-2150 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this...

CVE-2023-44427 D-Link DIR-X3260 SetSysEmailSettings SMTPServerAddress Command Injection Remote Code Execution Vulnerability

D-Link DIR-X3260 SetSysEmailSettings SMTPServerAddress Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentication is required to exploit this...

CVE-2023-44426 D-Link DIR-X3260 SetSysEmailSettings AccountPassword Command Injection Remote Code Execution Vulnerability

D-Link DIR-X3260 SetSysEmailSettings AccountPassword Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentication is required to exploit this...

CVE-2023-44426

CVE-2023-44426 affects the D-Link DIR-X3260 router. The flaw is in prog.cgi handling HNAP requests to the lighttpd webserver (ports 80/443). It lacks proper validation of a user-supplied string used to invoke a system call, allowing an attacker to execute code with root privileges. Authentication...

CVE-2023-44424 D-Link DIR-X3260 SetSysEmailSettings EmailTo Command Injection Remote Code Execution Vulnerability

D-Link DIR-X3260 SetSysEmailSettings EmailTo Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentication is required to exploit this...

CVE-2023-44422 D-Link DIR-X3260 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability

D-Link DIR-X3260 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentication is required to exploit this...

CVE-2023-44422

The CVE-2023-44422 entry affects D-Link DIR-X3260 routers. The vulnerability resides in prog.cgi (HNAP handling) served by lighttpd on ports 80/443, where unsafely passed user input is used in a system call, allowing an attacker on the same network to execute code as root. The flaw enables remote...

CVE-2023-41220

CVE-2023-41220 (D-Link DIR-3040) is a stack-based buffer overflow in prog.cgi (SetSysEmailSettings) that handles HNAP requests to the lighttpd server on TCP ports 80/443. The flaw arises from copying a tainted user string into a fixed-size stack buffer, enabling remote code execution with root pr...

CVE-2023-34280 D-Link DIR-2150 SetSysEmailSettings EmailTo Command Injection Remote Code Execution Vulnerability

D-Link DIR-2150 SetSysEmailSettings EmailTo Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability...

CVE-2023-34280

D-Link DIR-2150 vulnerability CVE-2023-34280: remote code execution via SetSysEmailSettings EmailTo in the SOAP API (port 80). The flaw stems from improper validation of a user-supplied string used to execute a system call, allowing code execution with root privileges by network-adjacent attacker...

CVE-2023-34278 D-Link DIR-2150 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability

D-Link DIR-2150 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this...

CVE-2023-34277

The CVE-2023-34277 issue affects the D-Link DIR-2150 router. A flaw in the SOAP API interface (default port 80) creates a command injection path by validating user input insufficiently before it is handed to a system call. This can allow network-adjacent attackers to execute arbitrary code with r...

CVE-2023-34277 D-Link DIR-2150 SetSysEmailSettings AccountName Command Injection Remote Code Execution Vulnerability

D-Link DIR-2150 SetSysEmailSettings AccountName Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this...

D-Link DIR-3040 安全漏洞

The D-Link DIR-3040 is a router from China-based AUO D-Link. It provides the function of connecting to a network. A security vulnerability exists in the D-Link DIR-3040 that stems from a stack-based buffer overflow remote code execution vulnerability in prog.cgi SetSysEmailSettings...

D-Link DIR-X3260 安全漏洞

D-Link DIR-X3260 is a Wi-Fi 6 router from China's AUO D-Link. A security vulnerability exists in the D-Link DIR-X3260 that stems from a SetSysEmailSettings AccountPassword command injection remote code execution vulnerability...

D-Link DIR-X3260 安全漏洞

The D-Link DIR-X3260 is a Wi-Fi 6 router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-X3260 that stems from a stack-based buffer overflow remote code execution vulnerability in prog.cgi SetSysEmailSettings...

D-Link DIR-X3260 安全漏洞

The D-Link DIR-X3260 is a mainstream router from D-Link that supports Wi-Fi 6. The D-Link DIR-X3260 suffers from a command injection vulnerability that stems from the SetSysEmailSettings EmailFrom command injection remote code execution vulnerability. An attacker can exploit this vulnerability to...