CVE-2023-32144

D-Link DAP-1360 webproc COMMMakeCustomMsg Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this...

CVE-2023-32146

D-Link DAP-1360 Multiple Parameters Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. T...

CVE-2023-32138

D-Link DAP-1360 webproc Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific...

CVE-2023-32137

D-Link DAP-1360 webproc WEBDisplayPage Directory Traversal Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerabilit...

CVE-2023-32141

D-Link DAP-1360 webproc WEBDisplayPage Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability...

CVE-2023-32146

CVE-2023-32146 affects D-Link DAP-1360 devices. Root cause: a stack-based buffer overflow in /cgi-bin/webproc when parsing the errorpage and nextpage parameters, copying data into a fixed-length buffer. This allows remote, network-adjacent attackers (no authentication) to execute code with root p...

CVE-2023-32146 D-Link DAP-1360 Multiple Parameters Stack-Based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1360 Multiple Parameters Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. T...

CVE-2023-32144 D-Link DAP-1360 webproc COMM_MakeCustomMsg Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1360 webproc COMMMakeCustomMsg Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this...

CVE-2023-32142

The CVE-2023-32142 issue affects D-Link DAP-1360 (and DAP-2020 variants in PT security listing) where the /cgi-bin/webproc endpoint processes the var:page parameter and, due to improper length validation, leads to a stack-based buffer overflow and remote code execution with root privileges. The v...

CVE-2023-32139 D-Link DAP-1360 webproc Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1360 webproc Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific...

CVE-2023-32138 D-Link DAP-1360 webproc Heap-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1360 webproc Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific...

CVE-2023-32138

CVE-2023-32138 affects D-Link DAP-1360 (and related DAP-2020 devices per sources). The vulnerability is a heap-based buffer overflow in the webproc handler for the "/cgi-bin/webproc" endpoint, caused by improper validation of the length of user-supplied data copied into a fixed‑length heap buffer...

CVE-2023-32138 D-Link DAP-1360 webproc Heap-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1360 webproc Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific...

PT-2024-13229 · Peplink · Peplink Smart Reader

Name of the Vulnerable Software and Affected Versions: Peplink Smart Reader version 1.2.0 Description: An information disclosure vulnerability exists in the web interface functionality of the /cgi-bin/download config.cgi endpoint. A specially crafted HTTP request can lead to a disclosure of...

D-Link DNS-320 信息泄露漏洞

The D-Link DNS-320 is a NAS Network Attached Storage device from China's AUO D-Link. An information disclosure vulnerability exists in the D-Link DNS-320L, which originates from an information disclosure vulnerability in the file /cgi-bin/info.cgi. Affected products and versions: D-Link DNS-320L,...

VulnCheck KEV: CVE-2021-20039

Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances...

TOTOLINK N350RT Session Hijacking Vulnerability

The TOTOLINK N350RT is a small home router from China's Gion Electronics TOTOLINK. The TOTOLINK N350RT suffers from a session hijacking vulnerability, which is caused by insufficient session expiration in the /cgi-bin/cstecgi.cgi script. An attacker could use this vulnerability to access other...

CVE-2024-1004

A vulnerability, which was classified as critical, was found in Totolink N200RE 9.3.5u.6139B20201216. This affects the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument httphost leads to stack-based buffer overflow. It is possible to initiate the attack remotel...

Stack overflow

A vulnerability was found in Totolink N200RE 9.3.5u.6139B20201216 and classified as critical. Affected by this issue is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pppoeUser leads to stack-based buffer overflow. The attack may be launched remotely...

TOTOLINK N200RE 安全漏洞

The TOTOLINK N200RE is a wireless router for the SOHO market. The TOTOLINK N200RE suffers from a buffer overflow vulnerability that originates from a stack-based buffer overflow in the eTime parameter of the setParentalRules function of /cgi-bin/cstecgi.cgi. No detailed vulnerability details are...