D-Link DIR-803 - Authentication Bypass

An authentication bypass vulnerability exists in D-Link DIR-803 routers firmware A1 1.04 and earlier. By manipulating the AUTHORIZEDGROUP parameter in /getcfg.php via newline injection, an attacker can retrieve XML configuration containing administrator credentials without authentication. id:...

D-Link DIR-803 Information Disclosure Vulnerability

The D-Link DIR-803 is a wireless router from China's AUO D-Link. The D-Link DIR-803 suffers from an information disclosure vulnerability that originates from the incorrect operation of the parameter AUTHORIZEDGROUP in the file /getcfg.php of the component Configuration Handler, which can be...

CVE-2025-14528

A vulnerability was detected in D-Link DIR-803 up to 1.04. Impacted is an unknown function of the file /getcfg.php of the component Configuration Handler. The manipulation of the argument AUTHORIZEDGROUP results in information disclosure. The attack may be performed from remote. The exploit is no...

CVE-2025-14528

A vulnerability was detected in D-Link DIR-803 up to 1.04. Impacted is an unknown function of the file /getcfg.php of the component Configuration Handler. The manipulation of the argument AUTHORIZEDGROUP results in information disclosure. The attack may be performed from remote. The exploit is no...

CVE-2025-14528 D-Link DIR-803 Configuration getcfg.php information disclosure

A vulnerability was detected in D-Link DIR-803 up to 1.04. Impacted is an unknown function of the file /getcfg.php of the component Configuration Handler. The manipulation of the argument AUTHORIZEDGROUP results in information disclosure. The attack may be performed from remote. The exploit is no...

EUVD-2025-202757

A vulnerability was detected in D-Link DIR-803 up to 1.04. Impacted is an unknown function of the file /getcfg.php of the component Configuration Handler. The manipulation of the argument AUTHORIZEDGROUP results in information disclosure. The attack may be performed from remote. The exploit is no...

VulnCheck KEV: CVE-2022-28956

An issue in the getcfg.php component of D-Link DIR816LFW206b01 allows attackers to access the device via a crafted payload...

EUVD-2025-27121

Malicious code in bioql PyPI...

CVE-2025-10093

A vulnerability was identified in D-Link DIR-852 up to 1.00CN B09. Affected by this vulnerability is the function phpcgimain of the file /getcfg.php of the component Device Configuration Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The explo...

CVE-2025-10093

A vulnerability was identified in D-Link DIR-852 up to 1.00CN B09. Affected by this vulnerability is the function phpcgimain of the file /getcfg.php of the component Device Configuration Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The explo...

CVE-2025-10093 D-Link DIR-852 Device Configuration getcfg.php phpcgi_main information disclosure

A vulnerability was identified in D-Link DIR-852 up to 1.00CN B09. Affected by this vulnerability is the function phpcgimain of the file /getcfg.php of the component Device Configuration Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The explo...

CVE-2025-10093 D-Link DIR-852 Device Configuration getcfg.php phpcgi_main information disclosure

A vulnerability was identified in D-Link DIR-852 up to 1.00CN B09. Affected by this vulnerability is the function phpcgimain of the file /getcfg.php of the component Device Configuration Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The explo...

CVE-2024-57045

A vulnerability in the D-Link DIR-859 router with firmware version A3 1.05 and earlier permits unauthorized individuals to bypass the authentication. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page...

The vulnerability of the /htdocs/web/getcfg.php file in the D-Link DIR-815 router’s microprogramming software allows a hacker to access confidential information.

The vulnerability of the /htdocs/web/getcfg.php file in the D-Link DIR-815 router microprogramming system is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to disclose confidential information through a specially crafted GET request...

VulnCheck KEV: CVE-2024-0769

D-Link DIR-859 routers contain a path traversal vulnerability in the file /hedwig.cgi of the component HTTP POST Request Handler. Manipulation of the argument service with the input ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml allows for the leakage of session data potentially enabling...

VulnCheck KEV: CVE-2021-40655

D-Link DIR-605 routers contain an information disclosure vulnerability that allows attackers to obtain a username and password by forging a post request to the /getcfg.php page...

CVE-2024-33110

D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Permission Bypass via the getcfg.php component...

D-Link DIR-845 安全漏洞

The D-Link DIR-845 is a wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-845L v1.01KRb03 version and earlier versions, which stems from a privilege bypass vulnerability in the getcfg.php component...

PT-2024-3332 · D Link · Dir-845L

Name of the Vulnerable Software and Affected Versions: D-Link DIR-845L router versions v1.01KRb03 and before Description: The issue is related to a Permission Bypass vulnerability via the getcfg.php component. It is associated with inadequate access control when handling the AUTHORIZED GROUP...

The vulnerability in the hedwig.cgi script of D-Link DIR-859 router software allows a hacker to gain unauthorized access to protected information.

The vulnerability in the hedwig.cgi microprogramming system of D-Link DIR-859 relates to an incorrect restriction on the path name to the getcfg directory ../../.. /../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml, which provides limited access. Exploiting this vulnerability can allow an attacker to...