11231 matches found
CVE-2023-41227
The CVE-2023-41227 entry concerns D-Link DIR-3040 routers. The issue is in prog.cgi handling HNAP requests to the lighttpd webserver on ports 80/443, where unsafely copied user input into a fixed-size stack buffer leads to a stack-based overflow and remote code execution in the context of root. A...
CVE-2023-41215
CVE-2023-41215 affects D-Link DAP-2622 via a stack-based buffer overflow in the DDP Set Date-Time service, allowing network-adjacent attackers to achieve remote code execution with root privileges. The root cause is improper validation of the length of user-supplied data before copying to a fixed...
CVE-2023-41211 D-Link DAP-1325 SetHostIPv6StaticSettings StaticPrefixLength Stack-based Buffer Overflow Remote Code Execution Vulnerability
D-Link DAP-1325 SetHostIPv6StaticSettings StaticPrefixLength Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to...
CVE-2023-41212 D-Link DAP-1325 SetTriggerAPValidate Key Stack-based Buffer Overflow Remote Code Execution Vulnerability
D-Link DAP-1325 SetTriggerAPValidate Key Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this...
CVE-2023-41205 D-Link DAP-1325 SetAPLanSettings SubnetMask Stack-based Buffer Overflow Remote Code Execution Vulnerability
D-Link DAP-1325 SetAPLanSettings SubnetMask Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this...
CVE-2023-41205 D-Link DAP-1325 SetAPLanSettings SubnetMask Stack-based Buffer Overflow Remote Code Execution Vulnerability
D-Link DAP-1325 SetAPLanSettings SubnetMask Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this...
CVE-2023-41195
D-Link DAP-1325 is affected by CVE-2023-41195 via the HNAP1 SOAP endpoint, SetHostIPv6Settings IPv6Mode. The flaw allows unauthenticated network-adjacent attackers to trigger a command injection and gain code execution as root by supplying a crafted IPv6Mode value. Affected component: SetHostIPv6...
CVE-2023-41184
TP-Link Tapo C210 IP cameras are affected by CVE-2023-41184, a stack-based buffer overflow in the ActiveCells handling of the CreateRules and ModifyRules APIs. The flaw arises from insufficient validation of user-supplied data length before copying into a fixed-length stack buffer, enabling netwo...
CVE-2023-40478 NETGEAR RAX30 Telnet CLI passwd Stack-based Buffer Overflow Remote Code Execution Vulnerability
NETGEAR RAX30 Telnet CLI passwd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, th...
CVE-2023-39464
The CVE-2023-39464 entry describes a remote code execution vulnerability in Triangle MicroWorks SCADA Data Gateway related to an unquoted path in the GTWWebMonitorService executable. The flaw’s root cause is the service path containing spaces not surrounded by quotation marks, enabling an attacke...
CVE-2023-38099
CVE-2023-38099 affects NETGEAR ProSAFE Network Management System. The flaw is in the getNodesByTopologyMapSearch function, where unsanitized user input is used to construct SQL queries, enabling a SQL injection that can lead to remote code execution with SYSTEM privileges. Authentication is requi...
CVE-2023-37321 D-Link DAP-2622 DDP Set SSID List RADIUS Secret Stack-based Buffer Overflow Remote Code Execution Vulnerability
D-Link DAP-2622 DDP Set SSID List RADIUS Secret Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...
CVE-2023-37320
CVE-2023-37320 affects D-Link DAP-2622 routers, specifically the DDP Set SSID List SSID Name handling. The flaw is a stack-based buffer overflow caused by insufficient validation of the length of user-supplied data before copying to a fixed-length stack buffer, enabling remote code execution with...
CVE-2023-37318 D-Link DAP-2622 DDP Set IPv6 Address Secondary DNS Stack-based Buffer Overflow Remote Code Execution Vulnerability
D-Link DAP-2622 DDP Set IPv6 Address Secondary DNS Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...
CVE-2023-37318 D-Link DAP-2622 DDP Set IPv6 Address Secondary DNS Stack-based Buffer Overflow Remote Code Execution Vulnerability
D-Link DAP-2622 DDP Set IPv6 Address Secondary DNS Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...
CVE-2023-37313
CVE-2023-37313 affects D-Link DAP-2622 routers. The DDP service fails to validate the length of user-supplied data when handling the IPv4 address/auth username, causing a stack-based buffer overflow that allows remote code execution with root privileges. This vulnerability can be exploited by net...
CVE-2023-37310
The CVE-2023-37310 issue affects D-Link DAP-2622 devices, stemming from a stack-based buffer overflow in the DDP Set Device Info Auth Username pathway. The root cause is unchecked length of user-supplied data copied into a fixed-length stack buffer, enabling remote code execution with root privil...
CVE-2023-35746
CVE-2023-35746 affects the D-Link DAP-2622 DDP firmware. The flaw resides in the DDP service where insufficient validation of user-supplied data length leads to a stack-based buffer overflow, enabling remote code execution with root privileges. The attack is network-adjacent and requires no authe...
CVE-2023-35744 D-Link DAP-2622 DDP Configuration Restore Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability
D-Link DAP-2622 DDP Configuration Restore Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to...
CVE-2023-35732 D-Link DAP-2622 DDP Reset Factory Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability
D-Link DAP-2622 DDP Reset Factory Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...