CVE-2026-2143

A security vulnerability has been detected in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/setddns of the component DDNS Service. The manipulation of the argument ddnsType/ddnsDomainName/ddnsUserName/ddnsPwd leads to os command injection. The attack is...

CVE-2026-2143

CVE-2026-2143 affects D-Link DIR-823X (firmware 250416), targeting the DDNS Service. The vulnerability stems from improper handling of parameters in the /goform/set_ddns file (ddnsType, ddnsDomainName, ddnsUserName, ddnsPwd) enabling remote OS command injection. The issue enables remote execution...

EUVD-2024-46481

Malicious code in bioql PyPI...

EUVD-2022-40734

Malicious code in bioql PyPI...

EUVD-2024-51343

Malicious code in bioql PyPI...

EUVD-2025-6459

Malicious code in bioql PyPI...

EUVD-2022-34161

Malicious code in bioql PyPI...

EUVD-2025-7167

Malicious code in bioql PyPI...

The vulnerability of the SetDDNSSettings() function (/HNAP1/) of the DDNS Service component of the D-Link DIR-823G router’s software, which allows a hacker to circumvent security restrictions.

The vulnerability of the SetDDNSSettings function /HNAP1/ of the DDNS Service component of the D-Link DIR-823G router’s software stack is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to circumvent security restrictions from a...

CVE-2024-13102

A vulnerability classified as critical was found in D-Link DIR-816 A2 1.10CNB05R1B011D88210. This vulnerability affects unknown code of the file /goform/DDNS of the component DDNS Service. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has be...

CVE-2022-29843

A command injection vulnerability in the DDNS service configuration of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to execute code in the context of the root user...

CVE-2019-14929

An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Stored cleartext passwords could allow an unauthenticated attacker to obtain configured username and password combinations on the RTU due to the weak credentials management ...

D-Link DIR-605L/DIR-618 formSetDDNS Function Access Control Error Vulnerability

The D-Link DIR-605L and D-Link DIR-618 are both a wireless router from China-based AUO D-Link. An Access Control Error vulnerability exists in the D-Link DIR-618 version 2.02 and DIR-605L version 3.02, which stems from improper access control of the file /goform/formSetDDNS, and can be exploited ...

CVE-2025-2550

A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02 and classified as problematic. Affected by this issue is some unknown functionality of the file /goform/formSetDDNS of the component DDNS Service. The manipulation leads to improper access controls. The attack needs to be initiate...

CVE-2025-2550

A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02 and classified as problematic. Affected by this issue is some unknown functionality of the file /goform/formSetDDNS of the component DDNS Service. The manipulation leads to improper access controls. The attack needs to be initiate...

CVE-2025-2550

A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02 and classified as problematic. Affected by this issue is some unknown functionality of the file /goform/formSetDDNS of the component DDNS Service. The manipulation leads to improper access controls. The attack needs to be initiate...

CVE-2025-2550 D-Link DIR-618/DIR-605L DDNS Service formSetDDNS access control

A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02 and classified as problematic. Affected by this issue is some unknown functionality of the file /goform/formSetDDNS of the component DDNS Service. The manipulation leads to improper access controls. The attack needs to be initiate...

CVE-2025-2550

CVE-2025-2550 affects D-Link DIR-618 and DIR-605L (versions 2.02/3.02). The vulnerability is an access-control flaw in the DDNS service endpoint /goform/formSetDDNS, enabling improper access within the local network. Multiple sources (NVD, CNVD/CNNVD, Red Hat) describe the issue as an access-cont...

CVE-2025-2359

A vulnerability classified as critical has been found in D-Link DIR-823G 1.0.2B0520181207. Affected is the function SetDDNSSettings of the file /HNAP1/ of the component DDNS Service. The manipulation of the argument SOAPAction leads to improper authorization. It is possible to launch the attack...

CVE-2025-2359

A vulnerability classified as critical has been found in D-Link DIR-823G 1.0.2B0520181207. Affected is the function SetDDNSSettings of the file /HNAP1/ of the component DDNS Service. The manipulation of the argument SOAPAction leads to improper authorization. It is possible to launch the attack...