29 matches found
CVE-2018-17063
CVE-2018-17063 affects D‑Link DIR-816 A2 firmware 1.10 B05. In the NTPSyncWithHost handler, an HTTP request parameter is used to construct a shell command, enabling command injection via shell metacharacters . A remote attacker could potentially execute arbitrary commands on the device. Public so...
CVE-2018-17068
An explicit vulnerability entry exists for D-Link DIR-816 A2 with firmware 1.10 B05 (DIR-816) where the HTTP /goform/Diagnosis handler builds a command string using the sendNum parameter, enabling command injection via shell metacharacters. Connected CNVD/CVEs reiterate that this is a command-inj...
PT-2018-3882 · D Link · D-Link Dir-816 A2
Name of the Vulnerable Software and Affected Versions: D-Link DIR-816 A2 version 1.10 B05 Description: The issue is related to a stack-based buffer overflow in the handler function of the "/goform/DDNS" route. This overflow can occur when a very long password is used, potentially allowing an...
PT-2018-3883 · D Link · D-Link Dir-816 A2
Name of the Vulnerable Software and Affected Versions: D-Link DIR-816 A2 version 1.10 B05 Description: An issue exists due to the lack of neutralization of special elements used in the command string construction within the handler function of the "/goform/sylogapply" route. This could lead to...
PT-2018-3880 · D Link · D-Link Dir-816 A2
Name of the Vulnerable Software and Affected Versions: D-Link DIR-816 A2 version 1.10 B05 Description: The issue is related to a stack-based buffer overflow that can occur when a very long password is sent to the /goform/formLogin endpoint. This can lead to overwriting the return address. The...
PT-2018-3881 · D Link · D-Link Dir-816 A2
Name of the Vulnerable Software and Affected Versions: D-Link DIR-816 A2 version 1.10 B05 Description: An issue exists in the handler function of the "/goform/form2systime.cgi" route, where an HTTP request parameter is used in command string construction. This could lead to command injection via...
CVE-2017-3193
Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service...
PT-2017-15703 · D Link · Dir-850L
Name of the Vulnerable Software and Affected Versions: D-Link DIR-850L firmware versions 1.14B07 and 2.07.B05 Description: A stack-based buffer overflow issue exists in the web administration interface HNAP service of the affected devices. Recommendations: For firmware version 1.14B07, update to ...
Stack Buffer Overflow Vulnerability in Multiple D-Link Products
The D-Link DIR-850L is a wireless router from AUO D-Link. A stack buffer overflow vulnerability exists in the D-Link DIR-850L using firmware versions 1.14B07 and 2.07.B05. An attacker can exploit this vulnerability to execute arbitrary code in the context of the affected device, resulting in a...