D-Link多款产品 访问控制错误漏洞

D-Link DNS-120, etc., are products of D-Link Corporation, a Chinese company. The D-Link DNS-120 is a network storage adapter. The D-Link DNR-202L is a network video camera. The D-Link DNS-315L is a network attached storage device. Several D-Link products have a vulnerability related to access...

CVE-2024-8213

A vulnerability classified as critical has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. Affected is th...

CVE-2024-8214

CVE-2024-8214 affects a range of D-Link NAS devices (DNS-120, DNS-320 series, DNS-315L, DNS-321, etc.) up to 20240814. The vulnerability resides in the CGI function cgi_FMT_Std2R5_2nd_DiskMGR within /cgi-bin/hd_config.cgi, where manipulating the f_source_dev parameter enables remote command injec...

CVE-2024-8212

CVE-2024-8212 affects several D-Link NAS/NVR models (DNS-120, DNR-202L, DNS-315L, DNS-320/320L/320LW/321, DNR-322L, DNS-323/325/326/327L, DNR-326, DNS-340L, DNS-343/345, DNS-726-4, DNS-1100-4, DNS-1200-05, DNS-1550-04) up to 2024-08-14. The vulnerability resides in function cgi_FMT_R12R5_2nd_Disk...

CVE-2024-8131

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by thi...

CVE-2024-7832

The CVE-2024-7832 issue concerns D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04. The vulnerability is in the function cgi_get_fullscr...

Exploit for Command Injection in Dlink Dns-320L_Firmware

CVE-2024-3273 - D-Link Remote Code Execution RCE :boom: A c...

CVE-2024-3273 D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi command injection

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nassharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument...

CVE-2024-3272 D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi hard-coded credentials

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nassharing.cgi of the component HTTP GET Request Handler. The...

CVE-2024-3272 D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi hard-coded credentials

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nassharing.cgi of the component HTTP GET Request Handler. The...

CVE-2024-3273

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nassharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument...

CVE-2014-7860

The web/webfile/fbpublish.php script in D-Link DNS-320L before 1.04b12 and DNS-327L before 1.03b04 Build0119 does not authenticate requests, which allows remote attackers to obtain arbitrary photos and publish them to an arbitrary Facebook profile via a target albumid and accesstoken...

CVE-2014-7857

CVE-2014-7857 affects multiple D-Link NAS/DVR devices (DNS-320L, DNS-327L, DNR-326, DNS-320B, DNS-345, DNS-325, DNS-322L). The root issue is a weakness in the authentication flow: an attacker can bypass login by sending the cgi_set_wto command in the cmd parameter and forcing the spawned session ...

CVE-2014-7860

The CVE-2014-7860 issue affects D-Link DNS-320L (pre-1.04b12) and DNS-327L (pre-1.03b04 Build0119). The web/web_file/fb_publish.php script fails to authenticate requests, enabling remote attackers to obtain arbitrary photos and publish them to a Facebook profile using a target album_id and access...

CVE-2014-7857

D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01, DNS-345 1.03b06, DNS-325 1.05b03, and DNS-322L 2.00b07 allow remote attackers to bypass authentication and log in with administrator permissions by passing the cgisetwto command in the c...

CVE-2014-7860

The web/webfile/fbpublish.php script in D-Link DNS-320L before 1.04b12 and DNS-327L before 1.03b04 Build0119 does not authenticate requests, which allows remote attackers to obtain arbitrary photos and publish them to an arbitrary Facebook profile via a target albumid and accesstoken...