CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

27 matches found

Vulnrichment•added 2025/11/13 12:0 a.m.•2 views

CVE-2025-60676

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetNetworkSettings' functionality of prog.cgi, where the 'IPAddress' and 'SubnetMask' parameters are directly concatenated into shell commands executed...

8AI score0.00398EPSS

Exploits1References4

CVE•added 2025/11/13 12:0 a.m.•8 views

CVE-2025-60676

The CVE-2025-60676 entry concerns the D-Link DIR-878A1 router, firmware FW101B04.bin. Technical details across multiple connected sources confirm an unauthenticated command-injection in prog.cgi SetNetworkSettings, where IPAddress and SubnetMask are directly concatenated into shell commands execu...

6.5CVSS8AI score0.00398EPSS

Exploits1References4Affected Software1

RedhatCVE•added 2025/05/23 10:46 a.m.•3 views

CVE-2024-48638

D-Link DIR882FW130B06 and DIR878 DIR878FW130B08 were discovered to contain a command injection vulnerability via the SubnetMask parameter in the SetGuestZoneRouterSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request...

8CVSS8.7AI score0.00822EPSS

Exploits0References1

OSV•added 2024/10/17 6:15 p.m.•0 views

CVE-2024-48638

8CVSS6AI score0.00822EPSS

Exploits0References2

CVE•added 2024/10/17 12:0 a.m.•48 views

CVE-2024-48638

CVE-2024-48638 affects D-Link DIR-882 (FW130B06) and DIR-878 (FW130B08). The vulnerability is a command injection in SetGuestZoneRouterSettings via the SubnetMask parameter, allowing an attacker to execute arbitrary OS commands through a crafted POST request. The CVSSv3.1 vector is AV:A/AC:L/PR:L...

8CVSS8.7AI score0.00822EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2024/10/17 12:0 a.m.•11 views

CVE-2024-48638

8.7AI score0.00822EPSS

Exploits0References2

Cvelist•added 2024/10/17 12:0 a.m.•11 views

CVE-2024-48638

0.00822EPSS

Exploits0References2

Positive Technologies•added 2024/09/26 12:0 a.m.•2 views

PT-2024-7030 · D Link · D-Link Dir-878 +1

Name of the Vulnerable Software and Affected Versions: D-Link DIR-882 versions FW130B06 D-Link DIR-878 version FW130B08 Description: A command injection issue exists in the SetGuestZoneRouterSettings function due to insufficient neutralization of special elements used in an OS command. This allow...

8CVSS8.2AI score0.00822EPSS

Exploits0References7

CNVD•added 2024/07/19 12:0 a.m.•1 views

D-Link DAP-1325 SubnetMask Stack Buffer Overflow Vulnerability

D-Link DAP-1325 is a wireless access point/bridge made by D-Link, which is mainly used to extend the wireless network coverage, support the conversion of wired network to wireless network or connect different wireless networks. The D-Link DAP-1325 suffers from a stack buffer overflow vulnerabilit...

8.8CVSS9.3AI score0.02772EPSS

Exploits0References1

OSV•added 2024/05/03 3:15 a.m.•0 views

CVE-2023-41194

D-Link DAP-1325 HNAP SetAPLanSettings SubnetMask Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability...

8.8CVSS6.2AI score0.01756EPSS

Exploits0References2

ATTACKERKB•added 2024/05/03 3:15 a.m.•0 views

CVE-2023-41194

8.8CVSS6.3AI score0.01756EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2024/05/03 2:11 a.m.•14 views

CVE-2023-41194 D-Link DAP-1325 HNAP SetAPLanSettings SubnetMask Command Injection Remote Code Execution Vulnerability

8.8CVSS8AI score0.01756EPSS

Exploits0References2

Cvelist•added 2024/05/03 2:11 a.m.•18 views

CVE-2023-41194 D-Link DAP-1325 HNAP SetAPLanSettings SubnetMask Command Injection Remote Code Execution Vulnerability

8.8CVSS9.3AI score0.01756EPSS

Exploits0References2

CVE•added 2024/05/03 2:11 a.m.•84 views

CVE-2023-41194

The CVE-2023-41194 issue affects D-Link DAP-1325 routers, specifically the HNAP SetAPLanSettings endpoint and the SubnetMask parameter. The root cause is insufficient validation of a user-supplied string used in a system call, enabling network-adjacent attackers to execute arbitrary code as root ...

8.8CVSS9.1AI score0.01756EPSS

Exploits0References2Affected Software1

CNNVD•added 2024/05/03 12:0 a.m.•1 views

D-Link DAP-1325 安全漏洞

8.8CVSS8.8AI score0.02772EPSS

Exploits0References3

CNNVD•added 2024/05/03 12:0 a.m.•0 views

D-Link DAP-1325 安全漏洞

8.8CVSS9AI score0.01756EPSS

Exploits0References3

OSV•added 2023/01/27 9:15 p.m.•0 views

CVE-2022-48108

D-Link DIR878FW1.30B08 was discovered to contain a command injection vulnerability via the component /SetNetworkSettings/SubnetMask. This vulnerability allows attackers to escalate privileges to root via a crafted payload...

9.8CVSS5.8AI score

Exploits0References2

Positive Technologies•added 2022/09/26 12:0 a.m.•2 views

PT-2022-6976 · D Link · D-Link Dap-1325

Name of the Vulnerable Software and Affected Versions: D-Link DAP-1325 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this issue. Th...

8.8CVSS7.4AI score0.01756EPSS

Exploits0References8

OSV•added 2022/05/10 2:15 p.m.•0 views

CVE-2022-28896

A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1FW130B06 allows attackers to escalate privileges to root via a crafted payload...

9.8CVSS7.3AI score0.28613EPSS

Exploits1References2

ATTACKERKB•added 2022/05/10 2:15 p.m.•0 views

CVE-2022-28896

A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1FW130B06 allows attackers to escalate privileges to root via a crafted payload...

10CVSS7.2AI score0.28613EPSS

Exploits1References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by