23 matches found
CVE-2025-60700
A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and librcm.so binaries. The sub4455BC function in prog.cgi stores user-supplied SetDMZSettings/IPAddress values in NVRAM via nvramsafeset"dmzipaddr", .... These values are later...
CVE-2025-60698
A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and rc binaries. The sub432F60 function in prog.cgi stores user-supplied SetSysLogSettings/IPAddress values in NVRAM via nvramsafeset"SysLogRemoteIPAddress", .... These values are...
EUVD-2023-48760
Malicious code in bioql PyPI...
CVE-2021-30072
An issue was discovered in prog.cgi on D-Link DIR-878 1.30B08 devices. Because strcat is misused, there is a stack-based buffer overflow that does not require authentication...
CVE-2021-28144
prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows remote authenticated users to inject arbitrary commands in an admin or root context because SetVirtualServerSettings calls CheckArpTables, which calls popen unsafely...
D-Link DIR-2640 Stack Buffer Overflow Remote Code Execution Vulnerability
The D-Link DIR-2640 is a high power Wi-Fi router manufactured by the Chinese company AUO D-Link, which is mainly used to provide wireless network connectivity. The D-Link DIR-2640 suffers from a stack buffer overflow remote code execution vulnerability that stems from a stack-based buffer overflo...
The vulnerability of the prog.cgi file in D-Link DIR-2640 router microprogramming software allows a hacker to execute arbitrary code in the root context.
The vulnerability of the prog.cgi file in D-Link DIR-2640 router microprogramming software is related to buffer overflow in the stack. Exploiting this vulnerability allows a remote attacker to execute arbitrary code in the root context by sending specially crafted HNAP requests to TCP ports 80 an...
CVE-2023-51616
D-Link DIR-X3260 prog.cgi SetSysEmailSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this...
CVE-2023-44419
D-Link DIR-X3260 Prog.cgi Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is not required to exploit this vulnerability. The specif...
CVE-2023-41225
D-Link DIR-3040 prog.cgi SetIPv6PppoeSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this...
CVE-2023-41225
D-Link DIR-3040 prog.cgi SetIPv6PppoeSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this...
CVE-2023-44424
CVE-2023-44424 affects D-Link DIR-X3260 routers. A flaw in prog.cgi handling HNAP requests on the lighttpd web server (ports 80/443) allows command injection via an unsafely used user-supplied string, enabling code execution as root. Attack path requires network adjacency and bypasses authenticat...
D-Link DIR-X3260 安全漏洞
D-Link DIR-X3260 is a Wi-Fi 6 router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-X3260 that stems from a stack-based buffer overflow remote code execution vulnerability in the prog.cgi SetQuickVPNSettings password...
CVE-2024-33343
D-Link DIR-822+ V1.0.5 was found to contain a command injection in ChgSambaUserSettings function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell...
The vulnerability of the prog.cgi component in D-Link DIR-X3260 Wi-Fi routers allows a hacker to execute arbitrary code.
The vulnerability of the prog.cgi component in D-Link DIR-X3260 Wi-Fi routers involves reading data outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the prog.cgi component in D-Link DIR-X3260 Wi-Fi routers allows a hacker to execute arbitrary code.
The vulnerability of the prog.cgi component in D-Link DIR-X3260 Wi-Fi routers involves reading data outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the prog.cgi component in D-Link DIR-X3260 Wi-Fi routers allows a hacker to execute arbitrary code.
The vulnerability of the prog.cgi component in D-Link DIR-X3260 Wi-Fi routers involves reading data outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the prog.cgi component in D-Link DIR-X3260 Wi-Fi routers allows a hacker to execute arbitrary code.
The vulnerability of the prog.cgi component in D-Link DIR-X3260 Wi-Fi routers involves reading data outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the prog.cgi component in D-Link DIR-X3260 Wi-Fi routers allows a hacker to bypass the authentication process and gain full access to the device.
The vulnerability of the prog.cgi component in D-Link DIR-X3260 Wi-Fi routers is related to deficiencies in authentication procedures. Exploiting this vulnerability allows attackers to bypass authentication processes and gain full access to the device...
PT-2023-5545 · D Link +1 · D-Link Dir-3040 +1
Name of the Vulnerable Software and Affected Versions: D-Link DIR-3040 affected versions not specified Description: The issue exists due to the lack of proper validation of a user-supplied string before copying it to a fixed-length stack-based buffer in the prog.cgi file. This allows a remote...