CVE-2023-44404 D-Link DAP-1325 get_value_from_app Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1325 getvaluefromapp Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The...

CVE-2023-44405

The vulnerability CVE-2023-44405 affects D-Link DAP-1325 routers. It stems from improper validation of user-supplied data in the XML processed by the HNAP1 SOAP endpoint, leading to a stack-based buffer overflow in a fixed-length buffer. This allows network-adjacent attackers to execute arbitrary...

CVE-2023-44403

CVE-2023-44403 affects D-Link DAP-1325 routers via the HNAP1 SOAP endpoint, SetWLanRadioSettings channel command handling. The vulnerability arises from insufficient validation of a user-supplied string used in a system call, allowing network-adjacent attackers to execute arbitrary code with root...

CVE-2023-42033

Visualware MyConnection Server is affected by CVE-2023-42033 via the doPostUploadfiles directory traversal, allowing remote code execution with root context. The flaw is due to insufficient validation of a user-supplied path before file operations. Exploitation requires authentication, but authen...

CVE-2023-41229

The CVE-2023-41229 issue affects the D-Link DIR-3040 router. A heap-based buffer overflow in the prog.cgi handler for HNAP requests processed by the lighttpd webserver (ports 80/443) arises from inadequate validation of a user-supplied string, enabling an attacker with network proximity to execut...

CVE-2023-41226

Summary of CVE-2023-41226 (D-Link DIR-3040): The vulnerability is a stack-based overflow in the prog.cgi binary that handles HNAP requests to the lighttpd webserver (ports 80/443). Lack of proper validation of a user-supplied string allows a network-adjacent attacker to trigger a remote code exec...

CVE-2023-41217

CVE-2023-41217 affects D-Link DIR-3040 routers. The vulnerability resides in the prog.cgi handling of HNAP requests to the lighttpd webserver on ports 80/443, where unsafely copied user input into a fixed-length stack buffer leads to a stack-based buffer overflow . This permits remote code execut...

CVE-2023-41216

CVE-2023-41216 affects D-Link DIR-3040 routers, specifically the prog.cgi endpoint handling HNAP requests on lighttpd ports 80/443. The vulnerability is a stack-based buffer overflow in SetDynamicDNSSettings that copies an unvalidated user-supplied string into a fixed-length stack buffer, enablin...

CVE-2023-41215 D-Link DAP-2622 DDP Set Date-Time Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Set Date-Time Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The...

CVE-2023-41211 D-Link DAP-1325 SetHostIPv6StaticSettings StaticPrefixLength Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1325 SetHostIPv6StaticSettings StaticPrefixLength Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to...

CVE-2023-41211

CVE-2023-41211 affects D-Link DAP-1325. The flaw is a stack-based buffer overflow in SetHostIPv6StaticSettings StaticPrefixLength via the HNAP1 SOAP endpoint due to improper length validation of user-supplied XML data. Consequence: remote code execution with root privileges, exploitable by networ...

CVE-2023-41210 D-Link DAP-1325 SetHostIPv6StaticSettings StaticDNS2 Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1325 SetHostIPv6StaticSettings StaticDNS2 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this...

CVE-2023-41210

CVE-2023-41210 affects the D-Link DAP-1325 router. The vulnerability is a stack-based buffer overflow in the SetHostIPv6StaticSettings StaticDNS2 handler, due to improper validation of user-supplied data in XML passed to the HNAP1 SOAP endpoint. Exploitation could allow network-adjacent, unauthen...

CVE-2023-41209

CVE-2023-41209 affects the D-Link DAP-1325 router. The vulnerability is a stack-based buffer overflow in the SetHostIPv6StaticSettings StaticDNS1 path, caused by improper validation of the length of XML data sent to the HNAP1 SOAP endpoint. An unauthenticated, network-adjacent attacker can exploi...

CVE-2023-41203 D-Link DAP-1325 SetAPLanSettings PrimaryDNS Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1325 SetAPLanSettings PrimaryDNS Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this...

CVE-2023-41202 D-Link DAP-1325 SetAPLanSettings Mode Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1325 SetAPLanSettings Mode Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability...

CVE-2023-41203

The CVE-2023-41203 entry concerns D-Link DAP-1325 and the SetAPLanSettings PrimaryDNS function. The flaw is a stack-based buffer overflow in the HNAP1 SOAP endpoint caused by improper validation of the length of user-supplied XML data, enabling network-adjacent attackers to execute code with root...

CVE-2023-41201

The CVE concerns D-Link DAP-1325 with a command-injection path in the HNAP1 SOAP endpoint. Affected component: SetSetupWizardStatus handling within DAP-1325 devices. Root cause: improper validation of a user-supplied string before it is used to execute a system call, enabling remote code executio...

CVE-2023-41199 D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticDNS2 Command Injection Remote Code Execution Vulnerability

D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticDNS2 Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this...

CVE-2023-41200

CVE-2023-41200 affects the D-Link DAP-1325 router. The root cause is improper validation of a user-supplied string used in a system call within the HNAP1 SOAP endpoint, specifically the SetHostIPv6StaticSettings StaticPrefixLength path. This allows network-adjacent attackers, with no authenticati...