CVE-2025-60700

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and librcm.so binaries. The sub4455BC function in prog.cgi stores user-supplied SetDMZSettings/IPAddress values in NVRAM via nvramsafeset"dmzipaddr", .... These values are later...

CVE-2025-60698

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and rc binaries. The sub432F60 function in prog.cgi stores user-supplied SetSysLogSettings/IPAddress values in NVRAM via nvramsafeset"SysLogRemoteIPAddress", .... These values are...

EUVD-2023-48760

Malicious code in bioql PyPI...

CVE-2021-30072

An issue was discovered in prog.cgi on D-Link DIR-878 1.30B08 devices. Because strcat is misused, there is a stack-based buffer overflow that does not require authentication...

CVE-2021-28144

prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows remote authenticated users to inject arbitrary commands in an admin or root context because SetVirtualServerSettings calls CheckArpTables, which calls popen unsafely...

D-Link DIR-2640 Stack Buffer Overflow Remote Code Execution Vulnerability

The D-Link DIR-2640 is a high power Wi-Fi router manufactured by the Chinese company AUO D-Link, which is mainly used to provide wireless network connectivity. The D-Link DIR-2640 suffers from a stack buffer overflow remote code execution vulnerability that stems from a stack-based buffer overflo...

CVE-2023-51616

D-Link DIR-X3260 prog.cgi SetSysEmailSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this...

CVE-2023-44419

D-Link DIR-X3260 Prog.cgi Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is not required to exploit this vulnerability. The specif...

CVE-2023-41225

D-Link DIR-3040 prog.cgi SetIPv6PppoeSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this...

CVE-2023-41225

D-Link DIR-3040 prog.cgi SetIPv6PppoeSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this...

CVE-2023-44424

CVE-2023-44424 affects D-Link DIR-X3260 routers. A flaw in prog.cgi handling HNAP requests on the lighttpd web server (ports 80/443) allows command injection via an unsafely used user-supplied string, enabling code execution as root. Attack path requires network adjacency and bypasses authenticat...

D-Link DIR-X3260 安全漏洞

D-Link DIR-X3260 is a Wi-Fi 6 router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-X3260 that stems from a stack-based buffer overflow remote code execution vulnerability in the prog.cgi SetQuickVPNSettings password...

CVE-2024-33343

D-Link DIR-822+ V1.0.5 was found to contain a command injection in ChgSambaUserSettings function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell...

PT-2023-5545 · D Link +1 · D-Link Dir-3040 +1

Name of the Vulnerable Software and Affected Versions: D-Link DIR-3040 affected versions not specified Description: The issue exists due to the lack of proper validation of a user-supplied string before copying it to a fixed-length stack-based buffer in the prog.cgi file. This allows a remote...

PT-2023-9280 · D Link · D-Link Dir-3040

Name of the Vulnerable Software and Affected Versions: D-Link DIR-3040 affected versions not specified Description: This issue allows network-adjacent attackers to create a denial-of-service condition on affected installations of D-Link DIR-3040 routers. The specific flaw exists within the prog.c...

PT-2023-5830 · D Link · D-Link Dir-3040

Name of the Vulnerable Software and Affected Versions: D-Link DIR-3040 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. The specific flaw exists within the prog.cgi binary, whi...

D-Link DIR-878 缓冲区错误漏洞

The D-Link DIR-878 is a wireless router from AUO D-Link of Taiwan, China. A stack buffer overflow vulnerability exists in prog.cgi in the D-Link DIR-878 version 1.30B08. An attacker can exploit this vulnerability without authentication based on a stack buffer overflow...