32 matches found
EUVD-2018-17974
Malware in sbrugna...
EUVD-2018-17973
Malware in sbrugna...
The vulnerability of the index.cgi component of D-Link DIR-620 router microprogramming software allows a hacker to execute arbitrary commands.
The vulnerability of the index.cgi component in D-Link DIR-620 router microprogramming software is related to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands using...
The vulnerability in the web interface of D-Link DIR-620 microprogrammed software routers allows a attacker to carry out XSS attacks.
The vulnerability of the web interface of D-Link DIR-620 router software exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
The vulnerability of the web interface of D-Link DIR-620 microprogrammed router software allows a hacker to enhance their privileges and gain unauthorized access to protected information.
The vulnerability of the web interface of D-Link DIR-620 microprogrammed software routers is related to the use of pre-installed registration data. Exploiting this vulnerability allows a malicious actor to enhance their privileges and gain unauthorized access to protected information...
The vulnerability of D-Link DIR-620 router’s microprogramming software, which stems from the use of pre-installed registration data, allows attackers to enhance their privileges and execute arbitrary code.
The vulnerability of D-Link DIR-620 router microprogramming software is related to the use of pre-installed registration data. Exploiting this vulnerability allows a remote attacker to enhance their privileges and execute arbitrary code...
D-Link DIR-620 Command Injection (CVE-2018-6211)
A command injection vulnerability exists in D-Link DIR-620 routers. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands...
Cross site scripting
On D-Link DIR-620 devices with a certain customized by ISP variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting XSS attack is possible as a result of missed filtration for special characters in the "Search" field and incorrect processing of t...
CVE-2018-6211
On D-Link DIR-620 devices with a certain customized by ISP variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the resbuf parameter to index.cgi...
CVE-2018-6213
In the web server on D-Link DIR-620 devices with a certain customized by ISP variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account...
Command injection
On D-Link DIR-620 devices with a certain customized by ISP variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the resbuf parameter to index.cgi...
CVE-2018-6212
On D-Link DIR-620 devices with a certain customized by ISP variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting XSS attack is possible as a result of missed filtration for special characters in the "Search" field and incorrect processing of t...
Hardcoded credentials
In the web server on D-Link DIR-620 devices with a certain customized by ISP variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account...
CVE-2018-6213
In the web server on D-Link DIR-620 devices with a certain customized by ISP variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account...
CVE-2018-6211
On D-Link DIR-620 devices with a certain customized by ISP variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the resbuf parameter to index.cgi...
CVE-2018-6212
On D-Link DIR-620 devices with a certain customized by ISP variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting XSS attack is possible as a result of missed filtration for special characters in the "Search" field and incorrect processing of t...
CVE-2018-6211
On D-Link DIR-620 devices with a certain customized by ISP variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the resbuf parameter to index.cgi...
CVE-2018-6213
In the web server on D-Link DIR-620 devices with a certain customized by ISP variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account...
CVE-2018-6212
On D-Link DIR-620 devices with a certain customized by ISP variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting XSS attack is possible as a result of missed filtration for special characters in the "Search" field and incorrect processing of t...
CVE-2018-6213
Summary: CVE-2018-6213 affects D-Link DIR-620 devices with ISP-customized firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0 and 2.0.22. The issue is a hardcoded admin password set to “anonymous” in the web server, enabling privileged access without authentication. The connected documents corrobo...