3 matches found
CVE-2022-40719
This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpdgeneric.lua plugin for the xupnpd service, which...
D-Link DIR-2150 <= 4.0.1 Multiple Vulnerabilities
D-Link DIR-2150 devices are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2022-40719
CVE-2022-40719 affects D-Link DIR-2150 firmware 4.0.1. The vulnerability lies in the xupnpd_generic.lua plugin of the xupnpd service, which listens on TCP port 4044 by default. When parsing the feed parameter, the input is not properly validated before being used in a system call, enabling networ...