13 matches found

NVD
added 2026/02/08 2:16 p.m. | 4 views

CVE-2026-2155

A security flaw has been discovered in D-Link DIR-823X 250416. The affected element is the function sub_4208A0 of the file /goform/set_dmz of the component Configuration Handler. The manipulation of the argument dmz_host/dmz_enable results in os command injection. The attack can be executed remotely...

CVSS: 8.6 | EPSS: 0.00555
Exploits: 1 | References: 6
OSV
added 2026/02/08 2:16 p.m. | 2 views

CVE-2026-2155

A security flaw has been discovered in D-Link DIR-823X 250416. The affected element is the function sub_4208A0 of the file /goform/set_dmz of the component Configuration Handler. The manipulation of the argument dmz_host/dmz_enable results in os command injection. The attack can be executed remotely...

CVSS: 7.2 | AI score: 5.6 | EPSS: 0.00555
Exploits: 1 | References: 6
CVE
added 2026/02/08 2:2 p.m. | 12 views

CVE-2026-2155

The CVE-2026-2155 entry concerns D-Link DIR-823X (version 250416) and the Configuration Handler’s /goform/set_dmz component. The flaw resides in function sub_4208A0, where manipulating the arguments dmz_host/dmz_enable enables operating system command injection. This allows remote execution of co...

CVSS: 8.6 | AI score: 6.9 | EPSS: 0.00555
Exploits: 1 | References: 6 | Affected Software: 1
Cvelist
added 2026/02/08 2:2 p.m. | 26 views

CVE-2026-2155 D-Link DIR-823X Configuration set_dmz sub_4208A0 os command injection

A security flaw has been discovered in D-Link DIR-823X 250416. The affected element is the function sub_4208A0 of the file /goform/set_dmz of the component Configuration Handler. The manipulation of the argument dmz_host/dmz_enable results in os command injection. The attack can be executed remotely...

CVSS: 8.6 | EPSS: 0.00555
Exploits: 1 | References: 6
Vulnrichment
added 2026/02/08 2:2 p.m. | 3 views

CVE-2026-2155 D-Link DIR-823X Configuration set_dmz sub_4208A0 os command injection

A security flaw has been discovered in D-Link DIR-823X 250416. The affected element is the function sub_4208A0 of the file /goform/set_dmz of the component Configuration Handler. The manipulation of the argument dmz_host/dmz_enable results in os command injection. The attack can be executed remotely...

CVSS: 8.6 | AI score: 5.4 | EPSS: 0.00555
Exploits: 1 | References: 6
CNNVD
added 2026/02/08 12:0 a.m. | 1 view

D-Link DIR-823X Operating System Command Injection Vulnerability

The D-Link DIR-823X is a wireless router produced by D-Link Corporation. The D-Link DIR-823X 250416 version has a vulnerability related to operating system command injection. This vulnerability stems from incorrect operations on the parameters dmz_host/dmz_enable in the file /goform/set_dmz, which ma...

CVSS: 8.6 | AI score: 7.1 | EPSS: 0.00555
Exploits: 1 | References: 7
Positive Technologies
added 2026/01/26 12:0 a.m. | 4 views

PT-2026-6983

Name of the Vulnerable Software and Affected Versions: D-Link DIR-823X version 250416. Description: A security flaw exists in D-Link DIR-823X version 250416. The issue resides within the Configuration Handler component, specifically in the function sub_4208A0 located in the file /goform/set_dmz...

CVSS: 9 | AI score: 5.7 | EPSS: 0.00555
Exploits: 1 | References: 12
OSV
added 2025/11/13 7:15 p.m. | 2 views

CVE-2025-60673

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetDMZSettings' functionality, where the 'IPAddress' parameter in prog.cgi is stored in NVRAM and later used by librcm.so to construct iptables commands...

CVSS: 6.5 | AI score: 6.1 | EPSS: 0.00293
Exploits: 1 | References: 4
Positive Technologies
added 2025/11/13 12:0 a.m. | 4 views

PT-2025-46886

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetDMZSettings' functionality, where the 'IPAddress' parameter in prog.cgi is stored in NVRAM and later used by librcm.so to construct iptables commands...

CVSS: 6.5 | AI score: 8.2 | EPSS: 0.00293
Exploits: 1 | References: 8
OSV
added 2025/10/27 7:15 a.m. | 2 views

CVE-2025-12240

A security vulnerability has been detected in TOTOLINK A3300R 17.0.0cu.557B20221024. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed...

CVSS: 9.8 | AI score: 6.1
Exploits: 0 | References: 5
Vulnrichment
added 2025/10/27 6:32 a.m. | 2 views

CVE-2025-12240 TOTOLINK A3300R cstecgi.cgi setDmzCfg buffer overflow

A security vulnerability has been detected in TOTOLINK A3300R 17.0.0cu.557B20221024. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed...

CVSS: 9 | AI score: 8.8 | EPSS: 0.0043
Exploits: 1 | References: 5
NVD
added 2025/08/11 6:15 a.m. | 2 views

CVE-2025-8832

A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function setDMZ of the file /goform/setDMZ. The manipulation of the argument DMZIPAddress leads to stack-based buffer overflow. The attack can be initiated...

CVSS: 9 | EPSS: 0.00314
Exploits: 1 | References: 6
CNNVD
added 2024/01/11 12:0 a.m. | 3 views

TOTOLINK A3300R Security Vulnerability

TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R version V17.0.0cu.557B20221024, which stems from the ip parameter of the setDmzCfg method failing to correctly filter constructed command special characters...

CVSS: 9.8 | AI score: 7.8 | EPSS: 0.02681
Exploits: 1 | References: 2