746 matches found
CVE-2023-34279
The CVE-2023-34279 entry maps to D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution. Affected component is the SOAP API interface (on TCP port 80) which fails to validate user-supplied input before executing a system call, enabling network-adjacent attackers to run c...
CVE-2023-34277
The CVE-2023-34277 issue affects the D-Link DIR-2150 router. A flaw in the SOAP API interface (default port 80) creates a command injection path by validating user input insufficiently before it is handed to a system call. This can allow network-adjacent attackers to execute arbitrary code with r...
CVE-2023-34275 D-Link DIR-2150 SetNTPServerSettings Command Injection Remote Code Execution Vulnerability
D-Link DIR-2150 SetNTPServerSettings Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the...
CVE-2023-34275
CVE-2023-34275 describes a remote code execution on the D-Link DIR-2150 router due to a flaw in the SOAP API interface that handles SetNTPServerSettings. The vulnerability stems from improper validation of a user-supplied string before it is used to perform a system call, allowing an attacker to ...
CVE-2023-32153
The CVE-2023-32153 entry involves D-Link DIR-2640, where the EmailFrom parameter in the HNAP1 endpoint is not properly validated, allowing a network-adjacent attacker to execute commands with root privileges (remote code execution). The core issue is an unvalidated user-supplied string used in a ...
CVE-2023-32150
The CVE-2023-32150 issue affects D‑Link DIR-2640 routers. It stems from improper validation of the PrefixLen parameter sent to the HNAP1 endpoint, enabling command execution with root privileges. The vulnerability can be triggered by network-adjacent attackers; however, the authentication mechani...
CVE-2023-32147
Summary: CVE-2023-32147 affects the D-Link DIR-2640 router. The issue is a LocalIPAddress handling flaw in the HNAP1 endpoint where a user-supplied string is used to build a system call without proper validation, enabling arbitrary code execution with root privileges. The vulnerability is reachab...
CVE-2023-32146
CVE-2023-32146 affects D-Link DAP-1360 devices. Root cause: a stack-based buffer overflow in /cgi-bin/webproc when parsing the errorpage and nextpage parameters, copying data into a fixed-length buffer. This allows remote, network-adjacent attackers (no authentication) to execute code with root p...
CVE-2023-32146 D-Link DAP-1360 Multiple Parameters Stack-Based Buffer Overflow Remote Code Execution Vulnerability
D-Link DAP-1360 Multiple Parameters Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. T...
CVE-2023-32144 D-Link DAP-1360 webproc COMM_MakeCustomMsg Stack-based Buffer Overflow Remote Code Execution Vulnerability
D-Link DAP-1360 webproc COMMMakeCustomMsg Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this...
CVE-2023-32143
CVE-2023-32143 describes a remote code execution in D-Link DAP-1360 (and DAP-2020) routers. The flaw is in handling requests to the /cgi-bin/webupg endpoint, where improper validation can cause an integer overflow during buffer allocation, allowing network-adjacent attackers to execute code with ...
CVE-2023-32142
The CVE-2023-32142 issue affects D-Link DAP-1360 (and DAP-2020 variants in PT security listing) where the /cgi-bin/webproc endpoint processes the var:page parameter and, due to improper length validation, leads to a stack-based buffer overflow and remote code execution with root privileges. The v...
CVE-2023-32141 D-Link DAP-1360 webproc WEB_DisplayPage Stack-based Buffer Overflow Remote Code Execution Vulnerability
D-Link DAP-1360 webproc WEBDisplayPage Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability...
CVE-2023-27360
CVE-2023-27360 affects NETGEAR RAX30 and involves a misconfiguration in the lighttpd HTTP server. The flaw permits network-adjacent attackers to execute arbitrary code with root privileges by exploiting file execution from untrusted sources. No authentication is required. Documented by ZDI-23-496...
CVE-2023-27361 NETGEAR RAX30 rex_cgi JSON Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
NETGEAR RAX30 rexcgi JSON Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is required to exploit this vulnerability. The...
CVE-2023-27360 NETGEAR RAX30 lighttpd Misconfiguration Remote Code Execution Vulnerability
NETGEAR RAX30 lighttpd Misconfiguration Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
CVE-2023-27349
BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the...
CVE-2023-27349 BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability
BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the...
CVE-2023-27346 TP-Link AX1800 Firmware Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
TP-Link AX1800 Firmware Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AX1800 routers. Authentication is not required to exploit this vulnerability. The...
CVE-2023-27335
Softing edgeAggregator Client is affected by a Cross-Site Scripting/Remote Code Execution vulnerability (CVE-2023-27335). The flaw lies in how the edgeAggregator client handles input parameters, with insufficient validation allowing injection of arbitrary scripts. This can enable remote code exec...