CVE-2023-50201 D-Link G416 cfgsave upusb Command Injection Remote Code Execution Vulnerability

D-Link G416 cfgsave upusb Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists...

CVE-2023-50201

D-Link G416: remote code execution via cfgsave upusb command injection in the HTTP service (port 80). Root context achieved by abusing insufficient validation of a user-supplied string to execute a system call. Affected product is the D-Link G416 router; attack vector is network-adjacent with no ...

CVE-2023-50201 D-Link G416 cfgsave upusb Command Injection Remote Code Execution Vulnerability

D-Link G416 cfgsave upusb Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists...

CVE-2023-50200 D-Link G416 cfgsave backusb Command Injection Remote Code Execution Vulnerability

D-Link G416 cfgsave backusb Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exist...

CVE-2023-50198 D-Link G416 cfgsave Command Injection Remote Code Execution Vulnerability

D-Link G416 cfgsave Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific flaw exis...

CVE-2023-50198

The CVE-2023-50198 issue affects the D-Link G416 wireless router. A command-injection vulnerability in the HTTP service (port 80) allows network-adjacent attackers to inject commands and execute code with root privileges due to insufficient validation of user-supplied input before a system call. ...

CVE-2023-44445

NETGEAR CAX30 SSO stack-based buffer overflow (CVE-2023-44445) affects the sso binary. Lack of proper length validation on user data copied into a fixed-size stack buffer enables network-adjacent attackers to execute arbitrary code with root privileges. No authentication required; impact describe...

CVE-2023-44431 BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability

BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target...

CVE-2023-44424

CVE-2023-44424 affects D-Link DIR-X3260 routers. A flaw in prog.cgi handling HNAP requests on the lighttpd web server (ports 80/443) allows command injection via an unsafely used user-supplied string, enabling code execution as root. Attack path requires network adjacency and bypasses authenticat...

CVE-2023-44425

The CVE-2023-44425 issue affects D-Link DIR-X3260 routers, specifically the prog.cgi handler for HNAP requests on the lighttpd webserver (ports 80/443). It stems from insufficient validation of a user-supplied string before it is used in a system call, allowing an attacker to execute code with ro...

CVE-2023-44423 D-Link DIR-X3260 SetTriggerPPPoEValidate Password Command Injection Remote Code Execution Vulnerability

D-Link DIR-X3260 SetTriggerPPPoEValidate Password Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentication is required to exploit this...

CVE-2023-44422 D-Link DIR-X3260 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability

D-Link DIR-X3260 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentication is required to exploit this...

CVE-2023-44421

D-Link DIR-X3260 routers are affected by CVE-2023-44421. The vulnerability resides in the prog.cgi handler for HNAP requests served by lighttpd on port 80/443. It arises from insufficient validation of a user-supplied string before it is used in a system call, enabling an attacker to execute code...

CVE-2023-44419

Affected product: D-Link DIR-X3260 routers; vulnerable component: prog.cgi handling HNAP requests on the lighttpd webserver. Root cause: stack-based buffer overflow due to improper validation of user-supplied data length in prog.cgi, enabling remote code execution. Impact: network-adjacent attack...

CVE-2023-44418

CVE-2023-44418 affects D-Link DIR-X3260 routers. The flaw is in prog.cgi (HNAP requests handled by lighttpd) where improper validation of user-supplied data length leads to a heap-based buffer overflow. This allows network-adjacent attackers to execute arbitrary code with root privileges without ...

CVE-2023-44409 D-Link DAP-1325 SetSetupWizardStatus Enabled Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1325 SetSetupWizardStatus Enabled Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this...

CVE-2023-44409 D-Link DAP-1325 SetSetupWizardStatus Enabled Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1325 SetSetupWizardStatus Enabled Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this...

CVE-2023-44409

Summary: CVE-2023-44409 affects the D-Link DAP-1325, where the HNAP1 SOAP endpoint mishandles XML data, failing to validate data length before copying into a fixed-size stack buffer. This causes a stack-based overflow that can allow a network-adjacent attacker to execute code with root privileges...

CVE-2023-44407

CVE-2023-44407 affects D-Link DAP-1325 routers via the SetAPLanSettings gateway. The vulnerability stems from a stack-based buffer overflow in handling XML data sent to the HNAP1 SOAP endpoint, caused by insufficient validation of user-supplied data length before copying to a fixed-length stack b...

CVE-2023-44407 D-Link DAP-1325 SetAPLanSettings Gateway Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1325 SetAPLanSettings Gateway Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this...