D-Link DSL 2888a - Authentication Bypass/Remote Command Execution

D-Link DSL-2888A devices with firmware prior to AU2.31V1.1.47ae55 are vulnerable to authentication bypass issues which can lead to remote command execution. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality. id: CVE-2020-24579 info: name: D-Li...

CVE-2020-24578

An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU2.31V1.1.47ae55. It has a misconfigured FTP service that allows a malicious network user to access system folders and download sensitive files such as the password hash file...

CVE-2021-33346

There is an arbitrary password modification vulnerability in a D-LINK DSL-2888A router product. An attacker can use this vulnerability to modify the password of the admin user without authorization...

CVE-2020-27862

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DVA-2800 and DSL-2888A routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dhttpd service, which listens on TCP port 8008 by...

D-LINK DSL-2888A Arbitrary Password Change Vulnerability

The D-LINK DSL-2888A is a unified services router from D-link China.A security vulnerability exists in the D-LINK DSL-2888A, which could be exploited by attackers to make unauthorized changes to the administrator user's password...

Authorization

There is an arbitrary password modification vulnerability in a D-LINK DSL-2888A router product. An attacker can use this vulnerability to modify the password of the admin user without authorization...

CVE-2021-33346

There is an arbitrary password modification vulnerability in a D-LINK DSL-2888A router product. An attacker can use this vulnerability to modify the password of the admin user without authorization...

VulnCheck KEV: CVE-2020-24581

An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU2.31V1.1.47ae55. It contains an executecmd.cgi feature that is not reachable via the web user interface that lets an authenticated user execute Operating System commands...

Logic Flaw Vulnerability in DVA-2800 Management Platform, DSL-2888A Management Platform

AUO Electronic Equipment Shanghai Co., Ltd. is a company that mainly deals with network equipment, wireless equipment, switches and other items. A logic flaw vulnerability exists in the DVA-2800 management platform and DSL-2888A management platform, which can be exploited by attackers to obtain...

The vulnerability of D-Link DSL-2888A router microprogramming software, related to deficiencies in authentication procedures, allows attackers to carry out IP spoofing attacks.

The vulnerability of D-Link DSL-2888A router’s microprogramming software is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a remote attacker to carry out IP spoofing attacks...

The vulnerability of the web portal of D-Link DSL-2888A microprogramming software for routers allows a hacker to exploit it to increase their privileges.

The vulnerability of the D-Link DSL-2888A router’s microprogramming software web portal is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow attackers to enhance their privileges remotely...

CVE-2020-27863

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DVA-2800 and DSL-2888A routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dhttpd service, which listens on TCP port 80...

CVE-2020-27862

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DVA-2800 and DSL-2888A routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dhttpd service, which listens on TCP port 8008 by...

CVE-2020-27863

CVE-2020-27863 affects D-Link DVA-2800 and DSL-2888A routers. The flaw is in the dhttpd service (listening on TCP port 8008 by default) where incorrect string-matching logic when accessing protected pages allows network-adjacent attackers to disclose stored credentials without authentication. The...

CVE-2020-27862

CVE-2020-27862 affects D-Link DVA-2800 and DSL-2888A routers. A flaw in the dhttpd service handling of the path parameter allows an unauthenticated, network-adjacent attacker to execute arbitrary code via a system call, with impact on the web server context. The issue is triggered by parsing the ...

D-Link DVA-2800 and DSL-2888A 命令注入漏洞

The D-link DSL-2888A is a Unified Services Router from China AUO D-link. A command injection vulnerability exists in the D-Link DVA-2800 and DSL-2888A firmware, which arises from a network system or product that does not properly filter specific elements of externally inputted data during the...

D-Link DVA-2800 and DSL-2888A License Issue Vulnerability

The D-Link DVA-2800 and DSL-2888A is a wireless router from D-Link. It provides the ability to connect to a network. An authorization issue vulnerability exists in D-Link DVA-2800 and DSL-2888A firmware version 2.3, which can be exploited by an attacker to disclose stored credentials, leading to...

D-link DSL-2888A Information Disclosure Vulnerability

The D-link DSL-2888A is a Unified Services Router from China AUO D-link. An information disclosure vulnerability exists in D-Link DSL-2888A devices with firmware prior to AU2.31V1.1.47ae55, which originates from the disclosure of sensitive information in the response body, such as hashed admin...

CVE-2020-24577

An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU2.31V1.1.47ae55. The One Touch application discloses sensitive information, such as the hashed admin login password and the Internet provider connection username and cleartext password, in the application's response body...

CVE-2020-24577

An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU2.31V1.1.47ae55. The One Touch application discloses sensitive information, such as the hashed admin login password and the Internet provider connection username and cleartext password, in the application's response body...