29 matches found
CVE-2023-39637
CVE-2023-39637 affects D-Link DIR-816 A2 firmware 1.10 B05. The vulnerability is a command injection via the vulnerable component /goform/Diagnosis. CVSS-3.1 base metrics indicate network access, no privileges required, no user interaction, and high impact on confidentiality, integrity, and avai...
D-Link DIR-816 A2 Command Injection Vulnerability
The D-Link DIR-816 A2 is a wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-816 A2 version 1.10 B05, which originates from the component /goform/Diagnosis containing command injection...
Fedora 37 : java-1.8.0-openjdk-portable (2023-ac752f8c37)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-ac752f8c37 advisory. Updated to CPU 07/23 jdk8u382-b05; removed removal of EC curves. Tenable has extracted the preceding description block directly from the Fedora security...
java-1.8.0-openjdk security and bug fix update
1:1.8.0.382.b05-2.0.1 - Add Oracle vendor bug URL Orabug: 34340155 1:1.8.0.382.b05-2 - CVE-2023-22045 and CVE-2023-22049 fixed - Release bump for Oracle rebuild 1:1.8.0.382.b05-1 - Update to shenandoah-jdk8u372-b05 GA - Update release notes for shenandoah-8u372-b05. - This tarball is embargoed...
java-1.8.0-openjdk security and bug fix update
1:1.8.0.382.b05-1 - Update to shenandoah-jdk8u372-b05 GA - Update release notes for shenandoah-8u372-b05. - This tarball is embargoed until 2023-07-18 @ 1pm PT. - Resolves: rhbz2221106 1:1.8.0.382.b04-0.1.ea - Update to shenandoah-jdk8u382-b04 EA - Update release notes for shenandoah-8u382-b04. -...
CVE-2022-43003
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setRepeaterSecurity function...
D-Link DIR-816 A2 Buffer Error Vulnerability
The D-Link DIR-816 A2 is a wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-816 A2 version 1.10 B05, which originates from a stack overflow in the pskValue parameter of the setRepeaterSecurity function...
CVE-2022-43001
CVE-2022-43001 affects D-Link DIR-816 A2, version 1.10 B05, with a stack overflow in the setSecurity function’s pskValue parameter. The vulnerability is documented with a high-impact CVSS v3.1 score (9.8, CRITICAL) across network attack vector, no user interaction, and impacts to confidentiality,...
CVE-2022-43003
CVE-2022-43003 affects D-Link DIR-816 A2 router with firmware 1.10 B05. The vulnerability is a stack overflow in the setRepeaterSecurity function triggered via the pskValue parameter, impacting confidentiality, integrity, and availability (CVSS v3.1: 9.8). Connected documents corroborate a buffer...
D-Link DIR-816 A2 Buffer Error Vulnerability
The D-Link DIR-816 A2 is a wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-816 A2 version 1.10 B05, which originates from a stack overflow in the srcip parameter of /goform/form2IPQoSTcAdd...
CVE-2022-42999
CVE-2022-42999 affects the D-Link DIR-816 A2 router (firmware 1.10 B05). The root cause is command injection in the web API endpoint at /goform/setSysAdm, exploitable through the admuser and admpass parameters. The issue can lead to arbitrary command execution with high impact, notably a High CVS...
D-Link DIR-816 A2 Buffer Error Vulnerability
The D-Link DIR-816 A2 is a wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-816 A2 version 1.10 B05, which originates from a stack overflow in the pskValue parameter of the setSecurity function...
CVE-2022-43002
The CVE-2022-43002 entry concerns a D-Link DIR-816 A2 device with firmware 1.10 B05 (noted in multiple sources). The vulnerability is a stack overflow in the wizardstep54_pskpwd parameter handled by /goform/form2WizardStep54, affecting the network-facing form. CVSS metrics indicate a CRITICAL imp...
D-Link DIR-816 A2 Authorization Issue Vulnerability
D-Link DIR-816 A2 is a wireless router from D-Link, Taiwan, China. D-Link DIR-816 A2 1.10 B05 is vulnerable to command injection, which can be exploited by attackers to arbitrarily reset the device to /goform/form2Reboot.cgi via the crafted tokenid parameter...
PT-2022-18169 · Arris · Sbr-Ac1900P +2
Name of the Vulnerable Software and Affected Versions: Arris routers SBR-AC1900P version 1.0.7-B05 Arris routers SBR-AC3200P version 1.0.7-B05 Arris routers SBR-AC1200P version 1.0.5-B05 Description: A command injection issue was discovered in the pppoe function, allowing attackers to execute...
D-Link DIR-816 Stack Buffer Overflow Vulnerability
The D-Link DIR-816 is a wireless AC750 dual-band router. A stack buffer overflow vulnerability exists in the handler function of /goform/addassignment in the D-Link DIR-816 A2 version 1.10 B05. An attacker can exploit the vulnerability by entering long text in the sip and smac fields to cause the...
D-Link DIR-816 Command Injection Vulnerability (CNVD-2019-02398)
D-Link DIR-816 is a home router product from AUO. A command injection vulnerability exists in the D-Link DIR-816 A2 version 1.10 B05, which stems from the program's use of the 'datetime' parameter value to construct the 'date -s "%s"' command, which can be exploited by an attacker to this...
Stack overflow
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. A very long password to /goform/formLogin could lead to a stack-based buffer overflow and overwrite the return address...
Command injection
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/form2systime.cgi route. This could lead to command injection via shell metacharacters in the datetime parameter...
CVE-2018-17063
CVE-2018-17063 affects D-Link DIR-816 A2 firmware 1.10 B05. In the NTPSyncWithHost handler, an HTTP request parameter is used to construct a shell command, enabling command injection via shell metacharacters. A remote attacker could potentially execute arbitrary commands on the device. Public so...