42 matches found
CVE-2019-12767
An issue was discovered on D-Link DAP-1650 devices before 1.04B02J65H Hot Fix. Attackers can execute arbitrary commands...
EUVD-2019-4352
Malware in sbrugna...
EUVD-2019-4351
Malware in sbrugna...
CVE-2024-40505
Directory Traversal vulnerability in D-Link DAP-1650 Firmware v.1.03 allows a local attacker to escalate privileges via the hedwig.cgi component...
CVE-2019-12768
An issue was discovered on D-Link DAP-1650 devices through v1.03b07 before 1.04B02J65H Hot Fix. Attackers can bypass authentication via forceful browsing...
CVE-2024-23624
A command injection vulnerability exists in the gena.cgi module of D-Link DAP-1650 devices. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root...
CVE-2024-23625
A command injection vulnerability exists in D-Link DAP-1650 devices when handling UPnP SUBSCRIBE messages. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root...
D-Link DAP-1650 EOL Device Directory Traversal Vulnerability (Jul 2024)
D-Link DAP-1650 devices are prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
D-Link DAP-1650 EOL Device Multiple Command Injection Vulnerabilities (Jan 2024)
D-Link DAP-1650 devices are prone to multiple command injection vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2024-40505
Directory Traversal vulnerability in D-Link DAP-1650 Firmware v.1.03 allows a local attacker to escalate privileges via the hedwig.cgi component...
CVE-2024-40505
Directory Traversal vulnerability in D-Link DAP-1650 Firmware v.1.03 allows a local attacker to escalate privileges via the hedwig.cgi component...
CVE-2024-40505
Directory Traversal vulnerability in D-Link DAP-1650 Firmware v.1.03 allows a local attacker to escalate privileges via the hedwig.cgi component...
CVE-2024-40505
Summary: CVE-2024-40505 is a directory traversal vulnerability in D-Link DAP-1650 firmware v1.03, exploitable by a local attacker via hedwig.cgi to achieve privilege escalation. The vulnerability affects the device’s firmware components and has a high impact on confidentiality, integrity, and ava...
PT-2024-28884 · D Link · D-Link Dap-1650
Name of the Vulnerable Software and Affected Versions: D-Link DAP-1650 Firmware version 1.03 Description: A Directory Traversal issue allows a local attacker to escalate privileges via the hedwig.cgi component. Recommendations: For D-Link DAP-1650 Firmware version 1.03, consider restricting acces...
CVE-2024-40505
Directory Traversal vulnerability in D-Link DAP-1650 Firmware v.1.03 allows a local attacker to escalate privileges via the hedwig.cgi component...
The vulnerability of the gena.cgi module in D-Link DAP-1650 wireless access points allows a intruder to execute arbitrary commands.
The vulnerability of the gena.cgi module in D-Link DAP-1650 wireless access points is related to improper validation of input data during the processing of UPnP SUBSCRIBE messages. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands using specially crafted data...
Command injection
A command injection vulnerability exists in D-Link DAP-1650 devices when handling UPnP SUBSCRIBE messages. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root...
Command injection
A command injection vulnerability exists in the gena.cgi module of D-Link DAP-1650 devices. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root...
D-Link DAP-1650 Command Injection Vulnerability
The D-Link DAP-1650 is a WiFi range extender from China AUO D-Link. A security vulnerability exists in the D-Link DAP-1650 that stems from a command injection vulnerability in the gena.cgi module...
CVE-2024-23625
CVE-2024-23625 affects D-Link DAP-1650 devices and involves a command injection vulnerability when processing UPnP SUBSCRIBE messages. Affected component is the UPnP SUBSCRIBE Message Handler; root-level command execution is possible for unauthenticated attackers. Multiple sources (NVD, Red Hat a...