18 matches found
EUVD-2020-5412
Malware in sbrugna...
EUVD-2020-5411
Malware in sbrugna...
D-Link DSP-W215 安全漏洞
D-Link DSP-W215 is a smart plug product from China AUO D-Link. A security vulnerability exists in the D-Link DSP-W215 version 1.02, which stems from the mycgi.cgi component improperly handling HTTP POST requests, which could lead to a stack buffer overflow and remote code execution...
CVE-2020-13136
D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be retrieved and understood by a network sniffer...
Null pointer dereference
UNSUPPORTED WHEN ASSIGNED Null Pointer Dereference vulnerability exists in D-Link DSP-W215 1.10, which could let a remote malicious user cause a denial of servie via usr/bin/lighttpd. It could be triggered by sending an HTTP request without URL in the start line directly to the device. NOTE: The...
PT-2021-18162 · D Link · D-Link Dsp-W215
Name of the Vulnerable Software and Affected Versions: D-Link DSP-W215 version 1.10 Description: A Null Pointer Dereference issue exists, which could allow a remote malicious user to cause a denial of service via usr/bin/lighttpd. This can be triggered by sending an HTTP request without a URL in...
D-Link DSP-W215 Information Disclosure Vulnerability (CNVD-2020-33174)
The D-Link DSP-W215 is a smart plug product from Taiwan, China-based AUO D-Link. A security vulnerability exists in D-Link DSP-W215 version 1.26b03. An attacker can exploit the vulnerability to cause information disclosure...
CVE-2020-13135
D-Link DSP-W215 1.26b03 devices allow information disclosure by intercepting messages on the local network, as demonstrated by a Squid Proxy...
Design/Logic Flaw
D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be retrieved and understood by a network sniffer...
Information disclosure
D-Link DSP-W215 1.26b03 devices allow information disclosure by intercepting messages on the local network, as demonstrated by a Squid Proxy...
PT-2020-13350 · D Link · D-Link Dsp-W215
Name of the Vulnerable Software and Affected Versions: D-Link DSP-W215 version 1.26b03 Description: The issue concerns the transmission of an obfuscated hash by the device, which can be intercepted and decoded by a network sniffer. Recommendations: For D-Link DSP-W215 version 1.26b03, consider...
PT-2020-13349 · Squid +1 · Squid Proxy +1
Name of the Vulnerable Software and Affected Versions: D-Link DSP-W215 version 1.26b03 Description: The issue allows information disclosure by intercepting messages on the local network. This can be demonstrated using a Squid Proxy. Recommendations: For D-Link DSP-W215 version 1.26b03, consider...
D-Link Devices - 'info.cgi' POST Buffer Overflow (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'D-Link info.cgi POST Request Buffer Overflow', 'Description' = %q This module exploits an anonymous remote code execution vulnerabili...
D-Link HNAP - Request Remote Buffer Overflow (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'D-Link HNAP Request Remote Buffer Overflow', 'Description' = %q This module exploits an anonymous remote code execution vulnerability...
D-Link DSP-W215 (info.cgi) POST Request Buffer Overflow Exploit
This Metasploit module exploits an anonymous remote code execution vulnerability on different D-Link devices. The vulnerability is an stack based buffer overflow in the mycgi.cgi component, when handling specially crafted POST HTTP requests addresses to the /common/info.cgi handler. This Metasplo...
D-Link info.cgi POST Request Buffer Overflow
This module exploits an anonymous remote code execution vulnerability on different D-Link devices. The vulnerability is a stack based buffer overflow in the mycgi.cgi component, when handling specially crafted POST HTTP requests addresses to the /common/info.cgi handler. This module has been...
D-Link HNAP Request Remote Buffer Overflow
This module exploits an anonymous remote code execution vulnerability on different D-Link devices. The vulnerability is due to a stack based buffer overflow while handling malicious HTTP POST requests addressed to the HNAP handler. This module has been successfully tested on D-Link DIR-505 in an...
Stack overflow
Stack-based buffer overflow in the dohnap function in www/mycgi.cgi in D-Link DSP-W215 Rev. A1 with firmware 1.01b06 and earlier, DIR-505 with firmware before 1.08b10, and DIR-505L with firmware 1.01 and earlier allows remote attackers to execute arbitrary code via a long Content-Length header in...