D-Link多款产品 命令注入漏洞

D-Link DNS-120, etc., are products of D-Link Corporation from China. The D-Link DNS-120 is a network storage adapter. The D-Link DNR-202L is a network video camera. The D-Link DNS-315L is a network attached storage device. Several D-Link products have command injection vulnerabilities, which stem...

CVE-2026-4195

A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This affects an unknown function of the file...

PT-2026-1074

Name of the Vulnerable Software and Affected Versions QNAP versions prior to QTS 5.2.7.3256 build 20250913 QNAP versions prior to QuTS hero h5.2.7.3256 build 20250913 QNAP versions prior to QuTS hero h5.3.1.3250 build 20250912 Description A NULL pointer dereference issue exists in QNAP operating...

The vulnerability of the organization’s software and management tools for personal and corporate notes in Notes Station, when used with QNAP network storage devices. This vulnerability stems from the lack of authenticity verification for a critical function, allowing attackers to execute arbitrary code.

The vulnerability of the organization’s software for managing personal and corporate notes in Notes Station, when used with QNAP network storage systems, stems from the lack of authenticity verification for a critical function. Exploiting this vulnerability could allow an attacker operating...

The vulnerability in the web interface for controlling microprogrammed software-based network storage devices STEALTHONE D220, D340, and D440 allows a perpetrator to execute arbitrary commands.

The vulnerability of the web-based interface for managing microprogrammed software-based network storage devices STEALTHONE D220, D340, and D440 is related to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows ...

D-Link多款产品 命令注入漏洞

D-Link DNS-320 and others are products of China-based AUO D-Link.D-Link DNS-320 is a NAS Network Attached Storage device.D-Link DNS-120 is a network storage adapter.D-Link DNS-315L is a network attached storage. A command injection vulnerability exists in various D-Link products. The vulnerabilit...

CVE-2024-8129

CVE-2024-8129 affects multiple D-Link NAS/DNS devices (DNS-120, DNR-202L, DNS-315L, DNS-320/320L/320LW/320S, DNS-321, DNR-322L, DNS-323, DNS-325/326/327L, DNR-326, DNS-340L/343/345, DNS-726-4, DNS-1100-4, DNS-1200-05, DNS-1550-04) up to 20240814. The vulnerability is in the HTTP POST Request Hand...

CVE-2024-7922

CVE-2024-7922 affects D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 up to 2024-08-14. The vulnerability lies in the myMusic.cgi CGI ...

CVE-2024-7832

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as...

The vulnerability of the CGI script nas_sharing.cgi of the D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L NAS devices allows a hacker to execute arbitrary code.

The vulnerability of the CGI script nassharing.cgi of the D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L devices lies in the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary code ...

The vulnerability of the QTS operating system, the Media Streaming application for streaming multimedia files, and the Multimedia Console on QNAP devices allows a perpetrator to execute arbitrary commands.

The vulnerability of the QTS operating system, the Media Streaming application for streaming multimedia files, and the Multimedia Console on QNAP devices is related to the possibility of executing commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands...

The vulnerability of the QTS operating system’s network storage solutions on QNAP devices allows a perpetrator to gain unauthorized access to confidential data.

The vulnerability of the QTS operating system’s network storage devices in QNAP is related to the transmission of data in an open manner. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to confidential data...

The vulnerability of operating systems for network storage devices My Cloud OS, cloud storage services My Cloud Home and My Cloud Home Duo, as well as SanDisk iBI, stems from incorrect path name restrictions for access-controlled directories. This allows attackers to execute arbitrary code.

The vulnerability of the My Cloud OS, the cloud storage services My Cloud Home and My Cloud Home Duo, as well as the SanDisk iBeacon, is related to an incorrect limitation on the path name to the restricted directory. Exploiting this vulnerability could allow a remote attacker to execute arbitrar...

CVE-2020-13364

A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. This affects NAS520 V5.21AASZ.4C0, V5.21AASZ.0C0, V5.11AASZ.3C0, and V5.11AASZ.0C0; NAS542 V5.11ABAG.0C0, V5.20ABAG.1C0, and V5.21ABAG.3C0; NSA325 v2V4.81AALS.0C0 and V4.81AAAJ.1C0; NSA310 4.22AFK.0C0 and...

Zyxel Fixes 0day in Network Storage Devices

Patch comes amid active exploitation by ransomware gangs Networking hardware vendor Zyxel today released an update to fix a critical flaw in many of its network attached storage NAS devices that can be used to remotely commandeer them. The patch comes 12 days after KrebsOnSecurity alerted the...