2 matches found
D-Link DIR816L Command Injection (CVE-2022-28915; CVE-2022-28958; CVE-2022-37123; CVE-2022-37125; CVE-2022-37129)
A command injection vulnerability exists in D-Link DIR816L. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
CVE-2022-37129
CVE-2022-37129 affects the D-Link DIR-816 A2 with firmware version 1.10CNB04. The vulnerability is a remote command injection via the HTTP endpoint /goform/SystemCommand . User-supplied parameter “command” is spliced into a local buffer (byte_4836B0) using snprintf and then executed through a cal...