CVE-2023-41208 D-Link DAP-1325 SetHostIPv6StaticSettings StaticDefaultGateway Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1325 SetHostIPv6StaticSettings StaticDefaultGateway Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to...

CVE-2023-41205

The CVE-2023-41205 issue affects D-Link DAP-1325 via the SetAPLanSettings SubnetMask handling in the HNAP1 SOAP endpoint. The root cause is a stack-based buffer overflow from insufficient validation of the length of user-supplied XML data, allowing network-adjacent attackers to execute code with ...

CVE-2023-41199 D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticDNS2 Command Injection Remote Code Execution Vulnerability

D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticDNS2 Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this...

CVE-2023-41189 D-Link DAP-1325 HNAP SetAPLanSettings Gateway Command Injection Remote Code Execution Vulnerability

D-Link DAP-1325 HNAP SetAPLanSettings Gateway Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. T...

CVE-2023-41187 D-Link DAP-1325 HNAP Missing Authentication Remote Code Execution Vulnerability

D-Link DAP-1325 HNAP Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw...

CVE-2023-40479

The CVE-2023-40479 entry concerns NETGEAR RAX30 UPnP, where the UPnP service allows an attacker to inject a string that is passed to a system call, enabling remote code execution as root. Affected product: NETGEAR RAX30 router; vulnerability arises from insufficient validation of user-supplied in...

CVE-2023-39457

CVE-2023-39457 affects Triangle MicroWorks SCADA Data Gateway. The vulnerability stems from missing authentication in the default configuration, enabling a remote attacker to bypass authentication and execute arbitrary code with root privileges. Reported under ZDI-20501, the CVSSv3 vector is CVSS...

CVE-2023-38120 Adtran SR400ac ping Command Injection Remote Code Execution Vulnerability

Adtran SR400ac ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adtran SR400ac routers. Although authentication is required to exploit this vulnerability, the existing authentication...

CVE-2023-37324 D-Link DAP-2622 DDP Set Wireless Info Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Set Wireless Info Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...

CVE-2023-37317 D-Link DAP-2622 DDP Set IPv6 Address Primary DNS Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Set IPv6 Address Primary DNS Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...

CVE-2023-37316 D-Link DAP-2622 DDP Set IPv6 Address Default Gateway Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Set IPv6 Address Default Gateway Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...

CVE-2023-37315 D-Link DAP-2622 DDP Set IPv6 Address Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Set IPv6 Address Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...

CVE-2023-35735

The CVE-2023-35735 entry concerns the D-Link DAP-2622 router. A flaw in the DDP service arises from improper validation of user-supplied data length before copying it into a fixed-size stack buffer, enabling a stack-based buffer overflow that can execute code in the root context. Exploitation is ...

CVE-2023-35729 D-Link DAP-2622 DDP Reset Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Reset Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerabilit...

CVE-2023-35726

The CVE-2023-35726 issue affects D-Link DAP-2622 routers, originating in the DDP service. It is a stack-based buffer overflow caused by insufficient validation of user-supplied data length before copying to a fixed-size stack buffer. This allows network-adjacent attackers to execute arbitrary cod...

CVE-2023-35723

The CVE-2023-35723 entry concerns a D-Link DIR-X3260 router vulnerability in the prog.cgi SOAPAction handler. The flaw arises from insufficient validation of a user-supplied string in the SOAPAction header before it is used to execute a system call, enabling a command injection that can execute c...

CVE-2023-35722

CVE-2023-35722 affects NETGEAR RAX30 routers. The flaw is in UPnP port-mapping request handling where unvalidated user input is used to execute a system call, enabling remote code execution with root privileges. Exploitation is possible without authentication and occurs from a network-adjacent po...

CVE-2023-34283

CVE-2023-34283 — NETGEAR RAX30 USB Share Link Information Disclosure : The issue arises from how the router handles symbolic links on removable USB media. By creating a symbolic link, a physically present attacker can abuse the router’s web server to access arbitrary local files, revealing sensit...

CVE-2023-34283 NETGEAR RAX30 USB Share Link Following Information Disclosure Vulnerability

NETGEAR RAX30 USB Share Link Following Information Disclosure Vulnerability. This vulnerability allows physically present attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw...

CVE-2023-34278 D-Link DIR-2150 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability

D-Link DIR-2150 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this...