746 matches found
CVE-2023-41187
D-Link DAP-1325 HNAP Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw...
CVE-2023-39471
TP-Link TL-WR841N atedtp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw...
CVE-2023-39462
Triangle MicroWorks SCADA Data Gateway Workspace Unrestricted Upload Vulnerability. This vulnerability allows remote attackers to upload arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the...
CVE-2023-39461
Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to write arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required...
CVE-2023-51628
The CVE-2023-51628 entry describes a stack-based buffer overflow in D-Link DCS-8300LHV2 caused by improper validation of the length of hostname data in the ONVIF SetHostName call. The flaw can be triggered remotely by network-adjacent attackers and may allow arbitrary code execution with root pri...
CVE-2023-51627 D-Link DCS-8300LHV2 ONVIF Duration Stack-Based Buffer Overflow Remote Code Execution Vulnerability
D-Link DCS-8300LHV2 ONVIF Duration Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Although authentication is required to exploit this...
CVE-2023-51627 D-Link DCS-8300LHV2 ONVIF Duration Stack-Based Buffer Overflow Remote Code Execution Vulnerability
D-Link DCS-8300LHV2 ONVIF Duration Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Although authentication is required to exploit this...
CVE-2023-51626
The CVE-2023-51626 entry pertains to D-Link DCS-8300LHV2 and an RTSP server flaw in the Authorization header handling, causing a stack-based buffer overflow that can enable remote code execution with root privileges. Multiple connected sources (NVD/NVF, ZDI advisory ZDI-24-046) corroborate that t...
CVE-2023-51625
The CVE-2023-51625 entry corresponds to a D-Link DCS-8300LHV2 ONVIF SetSystemDateAndTime Command Injection that allows remote code execution. The vulnerability stems from improper validation when parsing the sch:TZ XML element in the ONVIF API (listening on TCP port 80), enabling an attacker to r...
CVE-2023-51624 D-Link DCS-8300LHV2 RTSP ValidateAuthorizationHeader Nonce Stack-Based Buffer Overflow Remote Code Execution Vulnerability
D-Link DCS-8300LHV2 RTSP ValidateAuthorizationHeader Nonce Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Authentication is not required to...
CVE-2023-37320
D-Link DAP-2622 DDP Set SSID List SSID Name Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...
CVE-2023-51620
The CVE-2023-51620 entry concerns D-Link DIR-X3260 routers, where the flaw is in the prog.cgi handling HNAP requests on the lighttpd webserver. The vulnerability is a stack-based buffer overflow in SetIPv6PppoeSettings, triggered by insufficient validation of a user-supplied string copied into a ...
CVE-2023-51619
CVE-2023-51619 affects D-Link DIR-X3260 routers, due to a stack-based overflow in prog.cgi that processes HNAP requests for lighttpd on ports 80/443. The vulnerability arises from improper validation of a user-supplied string copied into a fixed-size stack buffer, allowing a network-adjacent atta...
CVE-2023-51618
CVE-2023-51618 affects D-Link DIR-X3260. The flaw is a stack-based buffer overflow in prog.cgi handling HNAP requests on lighttpd (ports 80/443). It arises from improper validation of a user-supplied string copied into a fixed-length buffer, enabling remote code execution with root privileges. At...
CVE-2023-35756
D-Link DAP-2622 DDP Set Date-Time Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...
CVE-2023-37310
D-Link DAP-2622 DDP Set Device Info Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...
CVE-2023-35751
D-Link DAP-2622 DDP Set AG Profile Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...
CVE-2023-35744
D-Link DAP-2622 DDP Configuration Restore Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to...
CVE-2023-35736
D-Link DAP-2622 DDP Change ID Password New Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...
CVE-2023-35729
D-Link DAP-2622 DDP Reset Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerabilit...