EUVD-2019-15824

Malware in sbrugna...

CVE-2019-6258

D-Link DIR-822 Rev.Bx devices with firmware v.202KRb06 and older allow a buffer overflow via long MacAddress data in a /HNAP1/SetClientInfo HNAP protocol message, which is mishandled in /usr/sbin/udhcpd during reading of the /var/servd/LAN-1-udhcpd.conf file...

D-Link DAP-1325 Secondary DNS Command Injection Remote Code Execution Vulnerability

D-Link DAP-1325 is a wireless network extender made by D-Link, which is mainly used to extend the wireless network coverage, support the conversion of wired network and wireless network or connect to different wireless networks. The D-Link DAP-1325 suffers from a command injection remote code...

PT-2023-8460 · D Link · D-Link Dir-X3260

Name of the Vulnerable Software and Affected Versions: D-Link DIR-X3260 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. The specific flaw exists within the prog.cgi binary,...

The vulnerability of the HNAP1 protocol implementation in D-Link DIR-2640-US router microsoftware allows a attacker to execute arbitrary code.

The vulnerability of the HNAP1 protocol implementation in D-Link DIR-2640-US router microprogramming software is related to the lack of measures to sanitize input data during the processing of the EmailFrom parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary cod...

PT-2023-3479 · D Link · D-Link Dir-823G

Name of the Vulnerable Software and Affected Versions: D-Link DIR-823G firmware version 1.02B05 Description: The issue is related to a buffer overflow in the implementation of the HNAP1 protocol in the D-Link DIR-823G router's firmware. This occurs when processing the SetParentsControlInfo...

PT-2022-6580 · D Link · D-Link Dir-2640

Name of the Vulnerable Software and Affected Versions: D-Link DIR-2640 routers affected versions not specified Description: The issue is related to the implementation of the HNAP1 protocol in the D-Link DIR-2640-US router's firmware, specifically with insufficient validation of user-supplied inpu...

PT-2022-5330 · D Link · D-Link Dir-846

Name of the Vulnerable Software and Affected Versions: D-Link DIR-846 version 100A35 Description: The issue is related to insufficient argument validation in a command, allowing remote attackers to execute arbitrary code as root. This can be achieved via a specially crafted request to the...

CVE-2020-21937

An command injection vulnerability in HNAP1/SetWLanApcliSettings of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to execute arbitrary system commands...

CVE-2019-6258

D-Link DIR-822 Rev.Bx devices with firmware v.202KRb06 and older allow a buffer overflow via long MacAddress data in a /HNAP1/SetClientInfo HNAP protocol message, which is mishandled in /usr/sbin/udhcpd during reading of the /var/servd/LAN-1-udhcpd.conf file...

Buffer overflow

D-Link DIR-822 Rev.Bx devices with firmware v.202KRb06 and older allow a buffer overflow via long MacAddress data in a /HNAP1/SetClientInfo HNAP protocol message, which is mishandled in /usr/sbin/udhcpd during reading of the /var/servd/LAN-1-udhcpd.conf file...

CVE-2019-6258

D-Link DIR-822 Rev.Bx devices with firmware v.202KRb06 and older allow a buffer overflow via long MacAddress data in a /HNAP1/SetClientInfo HNAP protocol message, which is mishandled in /usr/sbin/udhcpd during reading of the /var/servd/LAN-1-udhcpd.conf file...

Authentication flaw

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login...

D-Link DIR-818LW Command Injection Vulnerability (CNVD-2019-22226)

The D-Link DIR-818LW is a wireless router from AUO D-Link of Taiwan, China. A command injection vulnerability exists in HNAP1 in the D-Link DIR-818LW using firmware version 2.06betab01. The vulnerability stems from a network system or product not properly filtering specific elements of externally...

CVE-2017-17065

An issue was discovered on D-Link DIR-605L Model B before FW2.11betaB06hbrf devices, related to the code that handles the authentication values for HNAP. An attacker can cause a denial of service device crash or possibly have unspecified other impact by sending a sufficiently long string in the...

D-Link DIR8xx Remote Root Code Execution Exploit

D-Link DIR8xx routers suffers from a remote root code execution vulnerability. Due to error in hnap protocol implementation we can overflow stack and execute any sh commands under root priviliges. E-DB Note:...

D-Link DIR8xx Remote Root Code Execution

Due to error in hnap protocol implementation we can overflow stack and execute any sh commands under root priviliges. E-DB Note: https://embedi.com/blog/enlarge-your-botnet-top-d-link-routers-dir8xx-d-link-routers-cruisin-bruisin E-DB Note:...

D-Link DIR-8xx Routers - Root Remote Code Execution

D-Link DIR-8xx Routers - Root Remote Code Execution Due to error in hnap protocol implementation we can overflow stack and execute any sh commands under root priviliges. E-DB Note: https://embedi.com/blog/enlarge-your-botnet-top-d-link-routers-dir8xx-d-link-routers-cruisin-bruisin E-DB Note:...

D-Link DIR-8xx Routers - Root Remote Code Execution

Due to error in hnap protocol implementation we can overflow stack and execute any sh commands under root priviliges. E-DB Note: https://embedi.com/blog/enlarge-your-botnet-top-d-link-routers-dir8xx-d-link-routers-cruisin-bruisin E-DB Note:...

D-Link Router HNAP GetDeviceSettings Remote Command Execution

The remote D-Link device is affected by a remote command execution vulnerability due to a flaw in the GetDeviceSettings functionality of the HNAP Home Network Administration Protocol server. A remote attacker can exploit this, via a crafted SOAPAction header, to bypass authentication and inject...