8 matches found
CVE-2023-44404
D-Link DAP-1325 getvaluefromapp Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The...
CVE-2023-41207
D-Link DAP-1325 SetHostIPv6StaticSettings StaticAddress Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit...
CVE-2023-44403
CVE-2023-44403 affects D-Link DAP-1325 routers via the HNAP1 SOAP endpoint, SetWLanRadioSettings channel command handling. The vulnerability arises from insufficient validation of a user-supplied string used in a system call, allowing network-adjacent attackers to execute arbitrary code with root...
CVE-2023-41201
The CVE concerns D-Link DAP-1325 with a command-injection path in the HNAP1 SOAP endpoint. Affected component: SetSetupWizardStatus handling within DAP-1325 devices. Root cause: improper validation of a user-supplied string before it is used to execute a system call, enabling remote code executio...
CVE-2023-41198
CVE-2023-41198 impacts the D-Link DAP-1325 router. The flaw is in the HNAP1 endpoint under the function SetHostIPv6StaticSettings, specifically the StaticDNS1 parameter. Lack of validation of a user-supplied string leads to command injection and remote code execution with root privileges. Attack ...
CVE-2023-41193 D-Link DAP-1325 HNAP SetAPLanSettings SecondaryDNS Command Injection Remote Code Execution Vulnerability
D-Link DAP-1325 HNAP SetAPLanSettings SecondaryDNS Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this...
CVE-2023-41187
CVE-2023-41187 affects D-Link DAP-1325 via HNAP: missing authentication allows network-adjacent attackers to execute arbitrary code with root privileges. The vulnerability stems from unauthenticated access to the HNAP interface. Documented by NVD and ZDI, with no confirmed exploit status or publi...
D-Link DAP-1325 HNAP SetAPLanSettings SecondaryDNS Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of a request parameter provided to the HNAP1 SOAP endpoin...