17411 matches found
EUVD-2026-42692
A weakness has been identified in D-link DIR-823G 1.0.2B0520181207. Affected by this vulnerability is an unknown functionality of the file /etc/boa/boa.conf of the component Web Interface. Executing a manipulation can lead to least privilege violation. The attack can be launched remotely. The...
CVE-2026-15270 D-link DIR-823G Web boa.conf least privilege violation
A weakness has been identified in D-link DIR-823G 1.0.2B0520181207. Affected by this vulnerability is an unknown functionality of the file /etc/boa/boa.conf of the component Web Interface. Executing a manipulation can lead to least privilege violation. The attack can be launched remotely. The...
CVE-2026-15270
A weakness has been identified in D-link DIR-823G 1.0.2B0520181207. Affected by this vulnerability is an unknown functionality of the file /etc/boa/boa.conf of the component Web Interface. Executing a manipulation can lead to least privilege violation. The attack can be launched remotely. The...
PT-2026-56920
Name of the Vulnerable Software and Affected Versions D-link DIR-823G version 1.0.2B05 20181207 Description A weakness exists in the Web Interface component within the /etc/boa/boa.conf file. A remote attacker can perform a manipulation that leads to a least privilege violation. This attack is...
CVE-2026-13545
A vulnerability has been found in D-Link DCS-935L 1.10.01. This affects the function sub400E40 of the file setconf.cgi of the component POST Parameter Handler. Such manipulation of the argument UID leads to os command injection. The attack can be launched remotely. The exploit has been disclosed ...
EUVD-2026-40045
A vulnerability has been found in D-Link DCS-935L 1.10.01. This affects the function sub400E40 of the file setconf.cgi of the component POST Parameter Handler. Such manipulation of the argument UID leads to os command injection. The attack can be launched remotely. The exploit has been disclosed ...
CVE-2026-13545 D-Link DCS-935L POST Parameter setconf.cgi sub_400E40 os command injection
A vulnerability has been found in D-Link DCS-935L 1.10.01. This affects the function sub400E40 of the file setconf.cgi of the component POST Parameter Handler. Such manipulation of the argument UID leads to os command injection. The attack can be launched remotely. The exploit has been disclosed ...
CVE-2026-13545
CVE-2026-13545 affects D-Link DCS-935L 1.10.01. The vulnerability is in the function sub_400E40 of setconf.cgi (POST Parameter Handler); manipulating the UID argument enables an OS command injection. The attack can be launched remotely, and the exploit has been disclosed publicly. CVSS metrics in...
PT-2026-53222
Name of the Vulnerable Software and Affected Versions D-Link DCS-935L version 1.10.01 Description An OS command injection flaw exists in the POST Parameter Handler component. The issue occurs within the sub 400E40 function of the setconf.cgi file. A remote attacker can exploit this by manipulatin...
The vulnerability in the webfile_mgrc.ipl software for D-Link DNS-320 allows a hacker to execute arbitrary commands.
The vulnerability in the webfilemgrc.cgi script of the D-Link DNS-320 network storage software exists due to the lack of measures taken to neutralize special elements used in the operating system’s command syntax. Exploiting this vulnerability allows a remote attacker to execute arbitrary command...
D-Link Network Attached Storage - Command Injection and Backdoor Account
UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nassharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument...
CVE-2026-12174
A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data leads to format string. The attack may be launched remotely. The exploit has...
CVE-2026-12174 D-Link DCS-935L HTTP rhea snprintf format string
A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data leads to format string. The attack may be launched remotely. The exploit has...
CVE-2026-12174 D-Link DCS-935L HTTP rhea snprintf format string
A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data leads to format string. The attack may be launched remotely. The exploit has...
CVE-2026-12174
CVE-2026-12174 affects D-Link DCS-935L firmware 1.10.01. The vulnerability is in the HTTP Handler’s function snprintf used by /web/cgi-bin/greece/rhea, allowing format-string manipulation. This can enable a remote attacker to exploit the flaw; public exploits have been disclosed. The available do...
PT-2026-49083
Name of the Vulnerable Software and Affected Versions D-Link DCS-935L version 1.10.01 Description A format string issue exists in the HTTP Handler component within the file '/web/cgi-bin/greece/rhea'. The problem occurs in the snprintf function when the data argument is manipulated, allowing a...
CVE-2026-11555
A vulnerability was identified in D-Link DGS-1100-08PD 1.00.006. This issue affects some unknown processing of the file /etc/boa.conf of the component Web Interface. Such manipulation leads to least privilege violation. The attack may be launched remotely. The attack requires a high level of...
CVE-2026-11497
A vulnerability has been found in D-Link DCS-5615 1.01.00. Affected by this vulnerability is an unknown functionality of the file /etc/conf.d/boa/boa.conf of the component Boa Webserver. Such manipulation leads to least privilege violation. The attack can be executed remotely. The exploit has bee...
CVE-2026-11492
A security flaw has been discovered in D-Link DIR-823G 1.0.2B05. The affected element is an unknown function of the file /etc/vsftpd.conf of the component vsftpd. Performing a manipulation results in least privilege violation. The attack can be initiated remotely. The exploit has been released to...
CVE-2026-11555
A vulnerability was identified in D-Link DGS-1100-08PD 1.00.006. This issue affects some unknown processing of the file /etc/boa.conf of the component Web Interface. Such manipulation leads to least privilege violation. The attack may be launched remotely. The attack requires a high level of...