5 matches found
CVE-2018-25358
D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the tablename parameter in POST requests. Attackers can send requests to /mycgi.cgi with tablename values like adminuser,...
CVE-2018-25358 D-Link DIR601 2.02NA Credential Disclosure via my_cgi.cgi
D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the tablename parameter in POST requests. Attackers can send requests to /mycgi.cgi with tablename values like adminuser,...
D-Link DIR-601 Authentication Bypass Vulnerability
D-Link DIR-601 is a wireless router product. A security vulnerability in mycgi.cgi in the D-Link DIR-601 2.02NA and earlier versions allows malicious users to bypass certain security restrictions and gain access to the Adminuser, Wirelesssettings, Wirelesssecurity, Wirelesssecurity settings table...
D-Link info.cgi POST Request Buffer Overflow
This module exploits an anonymous remote code execution vulnerability on different D-Link devices. The vulnerability is a stack based buffer overflow in the mycgi.cgi component, when handling specially crafted POST HTTP requests addresses to the /common/info.cgi handler. This module has been...
CVE-2014-3936
Stack-based buffer overflow in the dohnap function in www/mycgi.cgi in D-Link DSP-W215 Rev. A1 with firmware 1.01b06 and earlier, DIR-505 with firmware before 1.08b10, and DIR-505L with firmware 1.01 and earlier allows remote attackers to execute arbitrary code via a long Content-Length header in...