746 matches found
CVE-2023-50215
CVE-2023-50215 – D-Link G416 : A vulnerability in the HTTP service listening on port 80 on D-Link G416 routers allows remote code execution as root due to improper validation of a user-supplied string before using it in a system call. This enables network-adjacent attackers (no authentication req...
CVE-2023-50216 D-Link G416 awsfile tar File Handling Command Injection Remote Code Execution Vulnerability
D-Link G416 awsfile tar File Handling Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific...
CVE-2023-50214
CVE-2023-50214 affects the D-Link G416 router. The flaw is in the HTTP service (port 80) where unsafely validated user input is used to execute a system call, enabling a network‑adjacent attacker to achieve root RCE without authentication. Exploitation details are documented by ZDI (ZDI-23-1830)....
CVE-2023-50212 D-Link G416 httpd Improper Handling of Exceptional Conditions Information Disclosure Vulnerability
D-Link G416 httpd Improper Handling of Exceptional Conditions Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability...
CVE-2023-50212
CVE-2023-50212 describes an information-disclosure flaw in the HTTP service of the D-Link G416 router. The issue stems from improper handling of error conditions in the httpd process listening on TCP/80, allowing network-adjacent attackers to access sensitive information without authentication. T...
CVE-2023-50211 D-Link G416 httpd API-AUTH Timestamp Processing Stack-based Buffer Overflow Remote Code Execution Vulnerability
D-Link G416 httpd API-AUTH Timestamp Processing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this...
CVE-2023-50211
The CVE-2023-50211 entry concerns D-Link G416 routers. The vulnerability is a stack-based buffer overflow in the httpd API-AUTH Timestamp Processing function, triggered by insufficient validation of the length of user-supplied data copied into a fixed-length stack buffer. Impact is remote code ex...
CVE-2023-50210 D-Link G416 httpd API-AUTH Digest Processing Stack-based Buffer Overflow Remote Code Execution Vulnerability
D-Link G416 httpd API-AUTH Digest Processing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this...
CVE-2023-50209 D-Link G416 cfgsave Stack-Based Buffer Overflow Remote Code Execution Vulnerability
D-Link G416 cfgsave Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific...
CVE-2023-50209
CVE-2023-50209 affects D-Link G416 wireless routers. The cfgsave function in the HTTP service (port 80) has a stack-based buffer overflow due to improper validation of user-supplied data, enabling remote, network-adjacent attackers to execute arbitrary code with root privileges without authentica...
CVE-2023-50208
CVE-2023-50208 affects D-Link G416 ovpncfg, where the HTTP service on TCP/80 has a stack-based buffer overflow due to improper validation of user-supplied data. This allows network-adjacent attackers (no authentication) to execute arbitrary code with root privileges on affected G416 routers. The ...
CVE-2023-50207
CVE-2023-50207 affects D-Link G416 routers with a command-injection flaw in the HTTP service on port 80. The issue arises from improper validation of a user-supplied string used to construct a system call, allowing network-adjacent attackers to execute code with root privileges. Public documents ...
CVE-2023-50205
The CVE-2023-50205 issue affects D-Link G416 routers, specifically the awsfile chmod command path in the HTTP service on port 80. The vulnerability stems from insufficient validation of a user-supplied string used to invoke a system call, enabling remote code execution with root privileges by an ...
CVE-2023-50206 D-Link G416 flupl query_type edit Command Injection Remote Code Execution Vulnerability
D-Link G416 flupl querytype edit Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw...
CVE-2023-50205 D-Link G416 awsfile chmod Command Injection Remote Code Execution Vulnerability
D-Link G416 awsfile chmod Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists...
CVE-2023-50204
CVE-2023-50204 describes a command-injection remote code execution in the D-Link G416 wireless router. The flaw resides in the HTTP service (TCP port 80) and stems from insufficient validation of a user-supplied string used to perform a system call, allowing network-adjacent attackers to execute ...
CVE-2023-50202 D-Link G416 flupl pythonmodules Command Injection Remote Code Execution Vulnerability
D-Link G416 flupl pythonmodules Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specif...
CVE-2023-50203
CVE-2023-50203 – D-Link G416 : A command injection exists in the router’s nodered chmod function, exploitable via HTTP (port 80) with no authentication. The flaw validates a user-supplied string poorly, allowing an attacker to execute code as root on affected devices. Multiple sources (ZDI adviso...
CVE-2023-50203 D-Link G416 nodered chmod Command Injection Remote Code Execution Vulnerability
D-Link G416 nodered chmod Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists...
CVE-2023-50202
CVE-2023-50202 affects the D-Link G416 flupl pythonmodules component. The issue is a command injection in the HTTP service on port 80 caused by improper validation of a user-supplied string before executing a system call, allowing network-adjacent attackers to execute code with root privileges. T...