CVE-2024-33110

D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Permission Bypass via the getcfg.php component...

CVE-2024-33110

D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Permission Bypass via the getcfg.php component...

CVE-2024-33110

The CVE-2024-33110 issue affects D-Link DIR-845L routers (versions v1.01KRb03 and earlier) and is caused by a permission bypass in the getcfg.php component due to inadequate access control around the AUTHORIZED GROUP parameter. This can enable a remote attacker to bypass security restrictions, po...

CVE-2022-36755

D-Link DIR845L A1 contains a authentication vulnerability via an AUTHORIZEDGROUP=1 value, as demonstrated by a request for getcfg.php...

CVE-2022-36755

D-Link DIR845L A1 contains a authentication vulnerability via an AUTHORIZEDGROUP=1 value, as demonstrated by a request for getcfg.php...

CVE-2022-36755

CVE-2022-36755 affects D-Link DIR845L A1 with an authentication flaw exploitable via an AUTHORIZED_GROUP=1 value, demonstrated by a getcfg.php request. CVSSv3.1 base score 9.8 (CRITICAL) with network access, no user interaction required, and impacts on confidentiality, integrity, and availability...

CVE-2022-36755

D-Link DIR845L A1 contains a authentication vulnerability via an AUTHORIZEDGROUP=1 value, as demonstrated by a request for getcfg.php...

CVE-2022-28956

An issue in the getcfg.php component of D-Link DIR816LFW206b01 allows attackers to access the device via a crafted payload...

CVE-2022-28956

An issue in the getcfg.php component of D-Link DIR816LFW206b01 allows attackers to access the device via a crafted payload...

CVE-2022-28956

CVE-2022-28956 affects the D-Link DIR816L router, specifically the getcfg.php component in firmware FW206b01. The root cause is described as errors in the getcfg.php code that allow an unauthenticated attacker to access the device via a crafted payload, with impact described as partial confidenti...

PT-2022-2698 · D Link · D-Link Dir-816L

Name of the Vulnerable Software and Affected Versions: D-Link DIR816L versions FW206b01 Description: The issue is related to the getcfg.php component and is caused by errors in the code. It allows attackers to access the device by using a specially crafted payload. Recommendations: For D-Link...

The vulnerability of the microprogrammed software of the D-Link DIR-615 Q1 network device, related to insufficient protection of registration data, allows a intruder to gain unauthorized access to the protected information.

The vulnerability of the D-Link DIR-615 Q1 network device’s microprogramming software is related to insufficient protection for registration data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information by sending a mail...

D-Link DIR-615 information leakage vulnerability

The D-Link DIR-615 is a SOHO wireless router with a maximum transfer rate of 300 Mbps. An information disclosure vulnerability exists in the D-Link DIR-615. The vulnerability can be exploited to obtain user name and password by forging a post request to the /getcfg.php page...

CVE-2021-40654

An information disclosure issue exist in D-LINK-DIR-615 B2 2.01mt. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page...

Information disclosure

An information disclosure issue exist in D-LINK-DIR-615 B2 2.01mt. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page...

D-link Dir-605 B2 安全漏洞

D-Link DIR-605L is the first cloud router launched by D-link with a transfer speed of 300Mpbs. The D-Link DIR-605L is vulnerable to information disclosure. An attacker can exploit the vulnerability by forging a post request to the /getcfg.php page to obtain a username and password...

PT-2021-4897

Name of the Vulnerable Software and Affected Versions D-LINK-DIR-605 B2 Firmware version 2.01MT Description An information disclosure issue exists, allowing an attacker to obtain a user name and password by forging a post request to the "getcfg.php" page. This is due to insufficient protection of...

D-Link DIR-816L Information Disclosure Vulnerability (CVE-2020-15894)

The D-Link DIR-816L is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPEPREFIX =...

Design/Logic Flaw

An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive information, such as admin login credentials, by...

CVE-2020-9376

D-Link DIR-610 devices allow Information Disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZEDGROUP=1 to getcfg.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...