CVE-2025-60676

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetNetworkSettings' functionality of prog.cgi, where the 'IPAddress' and 'SubnetMask' parameters are directly concatenated into shell commands executed...

CVE-2024-48638

D-Link DIR882FW130B06 and DIR878 DIR878FW130B08 were discovered to contain a command injection vulnerability via the SubnetMask parameter in the SetGuestZoneRouterSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request...

CVE-2024-48638

D-Link DIR882FW130B06 and DIR878 DIR878FW130B08 were discovered to contain a command injection vulnerability via the SubnetMask parameter in the SetGuestZoneRouterSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request...

PT-2024-7030 · D Link · D-Link Dir-878 +1

Name of the Vulnerable Software and Affected Versions: D-Link DIR-882 versions FW130B06 D-Link DIR-878 version FW130B08 Description: A command injection issue exists in the SetGuestZoneRouterSettings function due to insufficient neutralization of special elements used in an OS command. This allow...

CVE-2011-5149

Multiple cross-site scripting XSS vulnerabilities in SpamTitan 5.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 testaddr or 2 testpass parameter to auth-settings.php; 3 hostname, 4 domainname, or 5 mailserver parameter to setup-relay.php; or 6 subnetmask or...