9786 matches found

CVE
added 2024/05/03 2:11 a.m. · 53 views

CVE-2023-41186

CVE-2023-41186 concerns the D-Link DAP-1325 router where the CGI interface allows access without authentication. The flaw enables network-adjacent attackers to access functionality that should be restricted, potentially leading to disclosure of stored credentials and further compromise. The vulne...

CVSS 6.5 · AI score 6.3 · EPSS 0.00682
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2024/05/03 2:11 a.m. · 13 views

CVE-2023-41186 D-Link DAP-1325 CGI Missing Authentication Information Disclosure Vulnerability

D-Link DAP-1325 CGI Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to access various functionality on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific fl...

CVSS 6.5 · AI score 6.3 · EPSS 0.00682
Exploits 0 · References 2
Cvelist
added 2024/05/03 2:11 a.m. · 23 views

CVE-2023-41186 D-Link DAP-1325 CGI Missing Authentication Information Disclosure Vulnerability

D-Link DAP-1325 CGI Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to access various functionality on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific fl...

CVSS 6.5 · AI score 6.5 · EPSS 0.00682
Exploits 0 · References 2
CVE
added 2024/05/03 1:56 a.m. · 74 views

CVE-2023-32146

CVE-2023-32146 affects D-Link DAP-1360 devices. Root cause: a stack-based buffer overflow in /cgi-bin/webproc when parsing the errorpage and nextpage parameters, copying data into a fixed-length buffer. This allows remote, network-adjacent attackers (no authentication) to execute code with root p...

CVSS 8.8 · AI score 9.1 · EPSS 0.01101
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2024/05/03 1:56 a.m. · 25 views

CVE-2023-32146 D-Link DAP-1360 Multiple Parameters Stack-Based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1360 Multiple Parameters Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. T...

CVSS 8.8 · AI score 9.1 · EPSS 0.01101
Exploits 0 · References 2
Vulnrichment
added 2024/05/03 1:56 a.m. · 21 views

CVE-2023-32144 D-Link DAP-1360 webproc COMM_MakeCustomMsg Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1360 webproc COMM_MakeCustomMsg Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this...

CVSS 8.8 · AI score 9.1 · EPSS 0.01038
Exploits 0 · References 2
CVE
added 2024/05/03 1:56 a.m. · 56 views

CVE-2023-32142

The CVE-2023-32142 issue affects D-Link DAP-1360 (and DAP-2020 variants in PT security listing) where the /cgi-bin/webproc endpoint processes the var:page parameter and, due to improper length validation, leads to a stack-based buffer overflow and remote code execution with root privileges. The v...

CVSS 8.8 · AI score 9.1 · EPSS 0.01101
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2024/05/03 1:56 a.m. · 16 views

CVE-2023-32139 D-Link DAP-1360 webproc Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1360 webproc Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific...

CVSS 8.8 · AI score 9.1 · EPSS 0.01038
Exploits 0 · References 2
Cvelist
added 2024/05/03 1:56 a.m. · 20 views

CVE-2023-32138 D-Link DAP-1360 webproc Heap-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1360 webproc Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific...

CVSS 7.5 · AI score 8.2 · EPSS 0.00931
Exploits 0 · References 2
Vulnrichment
added 2024/05/03 1:56 a.m. · 20 views

CVE-2023-32138 D-Link DAP-1360 webproc Heap-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1360 webproc Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific...

CVSS 7.5 · AI score 8.2 · EPSS 0.00931
Exploits 0 · References 2
CVE
added 2024/05/03 1:56 a.m. · 74 views

CVE-2023-32138

CVE-2023-32138 affects D-Link DAP-1360 (and related DAP-2020 devices per sources). The vulnerability is a heap-based buffer overflow in the webproc handler for the "/cgi-bin/webproc" endpoint, caused by improper validation of the length of user-supplied data copied into a fixed‑length heap buffer...

CVSS 8.8 · AI score 8.2 · EPSS 0.00931
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2024/05/03 12:0 a.m. · 3 views

D-Link DIR-X3260 Security Vulnerability

D-Link DIR-X3260 is a Wi-Fi 6 router from China's AUO D-Link. A security vulnerability exists in the D-Link DIR-X3260 that stems from an incorrect authentication bypass vulnerability implemented by the prog.cgi authentication algorithm...

CVSS 8.8 · AI score 9 · EPSS 0.00901
Exploits 0 · References 2
CNNVD
added 2024/05/03 12:0 a.m. · 3 views

D-Link DIR-X3260 Security Vulnerability

D-Link DIR-X3260 is a Wi-Fi 6 router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-X3260 that stems from a prog.cgi SetTriggerPPPoEValidate stack-based buffer overflow remote code execution vulnerability...

CVSS 6.8 · AI score 7.4 · EPSS 0.01126
Exploits 0 · References 3
Positive Technologies
added 2024/04/23 12:0 a.m. · 3 views

PT-2024-3191 · D Link · D-Link Dir-822

Name of the Vulnerable Software and Affected Versions: D-Link DIR-822+ version 1.0.5
Description: The issue is related to a command injection in the SetPlcNetworkpwd function of the prog.cgi script, which allows remote attackers to execute arbitrary commands via shell. This is due to the lack of...

CVSS 10 · AI score 8.5 · EPSS 0.01559
Exploits 1 · References 9
Fedora
added 2024/04/19 9:43 p.m. · 64 views

[SECURITY] Fedora 40 Update: php-8.3.6-1.fc40

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

CVSS 9.4 · AI score 7.1 · EPSS 0.49336
Exploits 6
Cvelist
added 2024/04/17 12:55 p.m. · 20 views

CVE-2023-43491

An information disclosure vulnerability exists in the web interface /cgi-bin/debugdump.cgi functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this...

CVSS 5.3 · AI score 7 · EPSS 0.01485
Exploits 2 · References 2
CVE
added 2024/04/17 12:55 p.m. · 75 views

CVE-2023-45209

CVE-2023-45209 affects Peplink Smart Reader v1.2.0 (QEMU). The Red Hat advisory notes an information-disclosure vulnerability in the web interface at /cgi-bin/download_config.cgi. An unauthenticated HTTP request can disclose sensitive information. The documentation does not provide a remediation ...

CVSS 7.5 · AI score 6.1 · EPSS 0.01381
Exploits 1 · References 3 · Affected Software 1
Positive Technologies
added 2024/04/17 12:0 a.m. · 6 views

PT-2024-13229 · Peplink · Peplink Smart Reader

Name of the Vulnerable Software and Affected Versions: Peplink Smart Reader version 1.2.0
Description: An information disclosure vulnerability exists in the web interface functionality of the /cgi-bin/download_config.cgi endpoint. A specially crafted HTTP request can lead to a disclosure of...

CVSS 9.8 · AI score 6.4 · EPSS 0.37678
Exploits 5 · References 25
Talos
added 2024/04/17 12:0 a.m. · 30 views

Peplink Smart Reader web interface /cgi-bin/upload_config.cgi data integrity vulnerability

Talos Vulnerability Report TALOS-2023-1866. Peplink Smart Reader web interface /cgi-bin/upload_config.cgi data integrity vulnerability. April 17, 2024. CVE Number: CVE-2023-45744. SUMMARY: A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi functionality of Peplink Smart...

CVSS 8.8 · AI score 6.5 · EPSS 0.01305
Exploits 3
Tenable Nessus
added 2024/04/11 12:0 a.m. · 26 views

Ubuntu 20.04 LTS : Squid regression (USN-6728-2)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6728-2 advisory. USN-6728-1 fixed vulnerabilities in Squid. The fix for CVE-2023-5824 caused Squid to crash in certain environments on Ubuntu 20.04 LTS. The problematic fix has be...

CVSS 7.5 · AI score 7.1 · EPSS 0.05229
Exploits 0 · References 1