CVE-2022-44808

A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /HNAP1 requests. Before the HNAP API function can process the request, the system function execute...

D-Link DIR-823G 操作系统命令注入漏洞

D-Link DIR-823G is a wireless router from D-Link, a Chinese company. A security vulnerability exists in D-Link DIR-823G firmware version 1.02B03, which stems from its HNAP API function allowing an attacker to implement arbitrary operating system command execution via a carefully crafted HNAP1...

D-Link DIR-823G Command Injection Vulnerability (CNVD-2019-20996)

The D-Link DIR-823G is a wireless router from AUO D-Link of Taiwan, China. A command injection vulnerability exists in HNAP1 in the D-Link DIR-823G using firmware version 1.02B03. The vulnerability stems from a network system or product not properly filtering specific elements of externally input...

CVE-2019-13128

An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is a command injection in HNAP1 exploitable with Authentication via shell metacharacters in the IPAddress or Gateway field to SetStaticRouteSettings...

CVE-2019-13128

An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is a command injection in HNAP1 exploitable with Authentication via shell metacharacters in the IPAddress or Gateway field to SetStaticRouteSettings...

D-Link DIR-823G Improper Access Control Vulnerability

The D-Link DIR-823G is an AC1200M dual-band Gigabit wireless router. An improper access control vulnerability exists in the D-Link DIR-823G with firmware version 1.02B03. A remote attacker can exploit the vulnerability to enable Guest Wi-Fi via the SetWLanRadioSettings HNAP API of the web service...

CVE-2019-8392

An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to enable Guest Wi-Fi via the SetWLanRadioSettings HNAP API to the web service provided by /bin/goahead...

CVE-2019-7389

An issue was discovered in /bin/goahead on D-Link DIR-823G devices with the firmware 1.02B03. There is incorrect access control allowing remote attackers to reset the router without authentication via the SetFactoryDefault HNAP API. Consequently, an attacker can achieve a denial-of-service attack...

Information disclosure

An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to get sensitive information such as MAC address about all clients in the WLAN via the GetClientInfo HNAP API. Consequently, an attacker can achiev...

CVE-2019-7388

An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to get sensitive information such as MAC address about all clients in the WLAN via the GetClientInfo HNAP API. Consequently, an attacker can achiev...

CVE-2019-7389

An issue was discovered in /bin/goahead on D-Link DIR-823G devices with the firmware 1.02B03. There is incorrect access control allowing remote attackers to reset the router without authentication via the SetFactoryDefault HNAP API. Consequently, an attacker can achieve a denial-of-service attack...

Command injection

An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 request. This occurs when any HNAP API function triggers a call to the system function with untrusted input fr...

CVE-2019-7297

An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via shell metacharacters in a crafted /HNAP1 request. This occurs when the GetNetworkTomographyResult function calls the system...

PT-2019-1345 · D Link · D-Link Dir-823G

Name of the Vulnerable Software and Affected Versions: D-Link DIR-823G devices with firmware through 1.02B03 Description: An issue allows attackers to execute arbitrary OS commands via shell metacharacters in a crafted /HNAP1 request. This occurs when the GetNetworkTomographyResult function calls...