746 matches found
CVE-2023-35743
CVE-2023-35743 concerns the D-Link DAP-2622 DDP service. The flaw is a stack-based buffer overflow caused by insufficient validation of the length of user-supplied data before copying into a fixed-size stack buffer, enabling remote code execution in the context of root. The vulnerability permits ...
CVE-2023-35741 D-Link DAP-2622 DDP Configuration Backup Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability
D-Link DAP-2622 DDP Configuration Backup Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...
CVE-2023-35740
The CVE-2023-35740 entry concerns D-Link DAP-2622 where the DDP service contains a stack-based buffer overflow due to improper validation of user-supplied data length. This allows network-adjacent remote code execution with root privileges and requires no authentication. The connected documents c...
CVE-2023-35740 D-Link DAP-2622 DDP Configuration Backup Server Address Stack-based Buffer Overflow Remote Code Execution Vulnerability
D-Link DAP-2622 DDP Configuration Backup Server Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit...
CVE-2023-35737
The CVE-2023-35737 entry concerns the D-Link DAP-2622 DDP service buffer overflow. Affected component: DAP-2622 firmware (DDP service). Root cause: lack of proper validation of user-supplied data length before copying into a fixed-length stack-based buffer, enabling a stack-based overflow. Impact...
CVE-2023-35737 D-Link DAP-2622 DDP Configuration Backup Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability
D-Link DAP-2622 DDP Configuration Backup Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit th...
CVE-2023-35737 D-Link DAP-2622 DDP Configuration Backup Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability
D-Link DAP-2622 DDP Configuration Backup Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit th...
CVE-2023-35732
The CVE-2023-35732 issue affects D-Link DAP-2622 routers, specifically in the DDP service. It arises from improper validation of the length of user-supplied data before copying it into a fixed-length stack-based buffer, enabling a stack-based overflow. This allows adjacent-network attackers to ex...
CVE-2023-35731
CVE-2023-35731 affects D-Link DAP-2622 routers; the vulnerability is in the DDP service where improper validation of user-supplied data length allows a stack-based buffer overflow. This enables remote code execution with root privileges from network-adjacent access and requires no authentication....
CVE-2023-35726 D-Link DAP-2622 DDP User Verification Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability
D-Link DAP-2622 DDP User Verification Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...
CVE-2023-35727 D-Link DAP-2622 DDP Reboot Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability
D-Link DAP-2622 DDP Reboot Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...
CVE-2023-35727 D-Link DAP-2622 DDP Reboot Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability
D-Link DAP-2622 DDP Reboot Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...
CVE-2023-35725 D-Link DAP-2622 DDP User Verification Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability
D-Link DAP-2622 DDP User Verification Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...
CVE-2023-35725 D-Link DAP-2622 DDP User Verification Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability
D-Link DAP-2622 DDP User Verification Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...
CVE-2023-35718
CVE-2023-35718 affects D-Link DAP-2622 via the DDP service. The flaw is a stack-based buffer overflow caused by improper validation of the length of user-supplied data before copying to a fixed-length buffer, enabling code execution with root privileges. Public sources (including ZDI advisory and...
CVE-2023-34285
The CVE-2023-34285 entry concerns NETGEAR RAX30 routers. The issue is a stack-based overflow in a shared library used by telnetd (port 23) within the cmsCli_authenticate flow. It arises from insufficient validation of the length of user-supplied data copied into a fixed-size stack buffer, enablin...
CVE-2023-34281
D‑Link DIR‑2150 is affected by CVE‑2023‑34281 due to a GetFirmwareStatus target command injection in the SOAP API interface (listening on TCP/80). The flaw lacks proper validation of a user‑supplied string that is used to execute a system call, enabling an attacker to run arbitrary code with root...
CVE-2023-34280 D-Link DIR-2150 SetSysEmailSettings EmailTo Command Injection Remote Code Execution Vulnerability
D-Link DIR-2150 SetSysEmailSettings EmailTo Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability...
CVE-2023-34278
CVE-2023-34278 concerns the D-Link DIR-2150 router. The vulnerability lies in the SOAP API interface (listening on port 80) where a user-supplied string is not properly validated before being used in a system call, allowing a network-adjacent attacker to execute code with root privileges. Authent...
CVE-2023-34279
The CVE-2023-34279 entry maps to D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution. Affected component is the SOAP API interface (on TCP port 80) which fails to validate user-supplied input before executing a system call, enabling network-adjacent attackers to run c...