12 matches found
EUVD-2022-46640
Malicious code in bioql PyPI...
EUVD-2022-43989
Malicious code in bioql PyPI...
CVE-2022-43644
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Dreambox plugin for the xupnpd service, which listens on T...
Design/Logic Flaw
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Dreambox plugin for the xupnpd service, which listens on T...
CVE-2022-43644
CVE-2022-43644 affects D-Link DIR-825 routers (version 1.0.9/EE). The vulnerability originates in the Dreambox plugin for the xupnpd service, which listens on TCP port 4044. It stems from improper validation of a user-supplied string before it is used to execute a system call, allowing network-ad...
Design/Logic Flaw
This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Dreambox plugin for the xupnpd service, which listens on...
CVE-2022-40720
This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Dreambox plugin for the xupnpd service, which listens on...
CVE-2022-40720
The CVE-2022-40720 issue affects D-Link DIR-2150 routers (firmware 4.0.1) via the Dreambox xupnpd plugin, which listens on TCP port 4044. The root cause is improper validation of a user-supplied string before it is used in a system call, enabling network-adjacent attackers to execute arbitrary co...
PT-2022-26990 · D Link · D-Link Dir-825
Name of the Vulnerable Software and Affected Versions: D-Link DIR-825 version 1.0.9/EE Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the Dreambox...
D-Link DIR-825/EE xupnpd Dreambox Plugin Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Dreambox plugin for the xupnpd service, which listens on TCP por...
D-Link DIR-2150 xupnpd Dreambox Plugin Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Dreambox plugin for the xupnpd service, which listens on TCP...
PT-2022-4849 · D Link · D-Link Dir-2150
Name of the Vulnerable Software and Affected Versions: D-Link DIR-2150 versions 4.0.1 Description: The issue is related to the xupnpd service in D-Link DIR-2150 routers, specifically the Dreambox plugin, which listens on TCP port 4044 by default. It allows network-adjacent attackers to execute...