Lucene search
K

54 matches found

CVE
CVE
added 2025/08/31 11:32 a.m.17 views

CVE-2025-9727

CVE-2025-9727 affects D-Link DIR-816L firmware 206b01. The issue lies in the soapcgi_main function of /soap.cgi, where the service argument can be manipulated to trigger an OS command injection. Remote exploitation is possible, and public exploits exist. Several connected sources confirm the vuln...

9.8CVSS6.4AI score0.04797EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2025/08/31 12:0 a.m.5 views

PT-2025-35406

Name of the Vulnerable Software and Affected Versions: D-Link DIR-816L version 206b01 Description: A weakness exists due to the manipulation of the service argument within the soapcgi main function of the /soap.cgi file, leading to OS command injection. Remote exploitation is possible. The exploi...

6.5CVSS6.3AI score0.04797EPSS
Exploits1References10
CNNVD
CNNVD
added 2025/08/31 12:0 a.m.4 views

D-Link DIR-816L 安全漏洞

The D-Link DIR-816L is a dual-band wireless router that supports 2.4GHz and 5GHz bands with a maximum transfer rate of 450Mbps. The D-Link DIR-816L suffers from an os command injection vulnerability that stems from the parameter service in the file /soap.cgi failing to correctly filter constructe...

9.8CVSS7.5AI score0.04797EPSS
Exploits1References7
BDU FSTEC
BDU FSTEC
added 2025/05/14 12:0 a.m.9 views

The vulnerability of the sub_175C8 function in the /htdocs/soap.cgi file of the D-Link DIR-890L and DIR-806A1 router microprogramming system, related to the lack of data cleaning at the control level, allows a perpetrator to execute arbitrary commands.

The vulnerability of the sub175C8 function in the /htdocs/soap.cgi file of the D-Link DIR-890L and DIR-806A1 routers’ microprogramming software is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability can allow an attacker operating remotely to...

6.5CVSS7.1AI score0.04149EPSS
Exploits1References6Affected Software2
CNNVD
CNNVD
added 2025/05/06 12:0 a.m.6 views

D-Link DIR-890L和D-Link DIR-806A1 安全漏洞

D-Link DIR-890L and D-Link DIR-806A1 are both products of China's AUO D-Link.D-Link DIR-890L is a wireless router.D-Link DIR-806A1 is a dual-band wireless router that supports AC750 wireless rate and USB sharing function. The D-Link DIR-890L and D-Link DIR-806A1 suffer from a command injection...

9.8CVSS8.1AI score0.04149EPSS
Exploits1References6
OSV
OSV
added 2024/08/01 1:15 p.m.3 views

CVE-2024-7357

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in D-Link DIR-600 up to 2.18. It has been rated as critical. This issue affects the function soapcgimain of the file /soap.cgi. The manipulation of the argument service leads to os command injection. The attack may be initiated remotely. The...

9.8CVSS5.6AI score
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/08/01 1:0 p.m.15 views

CVE-2024-7357 D-Link DIR-600 soap.cgi soapcgi_main os command injection

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in D-Link DIR-600 up to 2.18. It has been rated as critical. This issue affects the function soapcgimain of the file /soap.cgi. The manipulation of the argument service leads to os command injection. The attack may be initiated remotely. The...

6.5CVSS7.5AI score0.0574EPSS
Exploits1References5
CNVD
CNVD
added 2019/06/25 12:0 a.m.2 views

Command Injection Vulnerability in Multiple D-Link Products

The D-Link DIR-845, among others, is a wireless router from AUO D-Link of Taiwan, China. A command injection vulnerability exists in the soap.cgi?service=WANIPConn1 URL in multiple D-Link products. The vulnerability stems from a network system or product not properly filtering specific elements o...

9.8CVSS9.7AI score0.24044EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2019/01/15 12:0 a.m.6 views

The vulnerability of the soapcgi_main function in the soap.cgi script of D-Link DIR-818LW and DIR-860L routers allows a hacker to execute arbitrary commands on the operating system.

The vulnerability of the soapcgimain function in the soap.cgi script /htdocs/cgibin/soap.cgi of the D-Link DIR-818LW and DIR-860L router software is caused by privilege management errors. Exploiting this vulnerability allows an attacker to execute arbitrary operating system commands using the...

6.5CVSS8.1AI score0.06725EPSS
Exploits1References2Affected Software2
OSV
OSV
added 2019/01/02 6:29 p.m.3 views

CVE-2018-20114

On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices, unauthenticated remote OS command execution can occur in the soap.cgi service of the cgibin binary via an "&&" substring in the service parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-6530...

9.8CVSS5.9AI score0.06725EPSS
Exploits1References1
CVE
CVE
added 2019/01/02 6:0 p.m.192 views

CVE-2018-20114

CVE-2018-20114 affects D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03. It is tied to an OS command injection in the cgibin soap.cgi service, exploitable via the service parameter containing an ? substring, reflecting an incomplete fix for CVE-2018-6530. Connected documents corrobora...

10CVSS9.7AI score0.06725EPSS
In wildExploits1References1Affected Software1
Cvelist
Cvelist
added 2019/01/02 6:0 p.m.23 views

CVE-2018-20114

On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices, unauthenticated remote OS command execution can occur in the soap.cgi service of the cgibin binary via an "&&" substring in the service parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-6530...

9.9AI score0.06725EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2019/01/02 12:0 a.m.136 views

CVE-2018-20114

On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices, unauthenticated remote OS command execution can occur in the soap.cgi service of the cgibin binary via an “&&” substring in the service parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-6530. Recent...

10CVSS9.8AI score0.96626EPSS
In wildExploits2References2
OpenVAS
OpenVAS
added 2018/03/21 12:0 a.m.58 views

D-Link DIR Routers OS Command Injection Vulnerability (Mar 2018)

D-Link Routers DIR-860L, DIR-865L, DIR-868L and DIR-880L are prone to an OS command injection vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

10CVSS9.8AI score0.96626EPSS
Exploits1References6
CNVD
CNVD
added 2018/03/07 12:0 a.m.3 views

Multiple D-Link Products OS Command Injection Vulnerability

D-Link DIR-880L and others are wireless router products from AUO D-Link. An operating system command injection vulnerability exists in the soap.cgi file in several D-Link products. A remote attacker can exploit this vulnerability to execute arbitrary OS commands with the help of the 'service'...

10CVSS8.4AI score0.96626EPSS
Exploits1References1
CNVD
CNVD
added 2018/03/07 12:0 a.m.2 views

D-Link DIR Series Cross-Site Scripting Vulnerability (CNVD-2018-06629)

D-Link DIR-868L and others are wireless router products from AUO D-Link. A cross-site scripting vulnerability exists in the htdocs/webinc/body/bscsmssend.php file in the D-Link DIR-868L, DIR-865L, and DIR-860L. A remote attacker can exploit the vulnerability by sending a specially crafted...

6.1CVSS6.3AI score0.01661EPSS
Exploits1References1
CNVD
CNVD
added 2018/03/07 12:0 a.m.2 views

D-Link DIR Series Cross-Site Scripting Vulnerability (CNVD-2018-06630)

The D-Link DIR-868L, DIR-865L and DIR-860L are all wireless router products from AUO D-Link. A cross-site scripting vulnerability exists in the htdocs/webinc/js/advparentctrlmap.php file in the D-Link DIR-868L, DIR-865L, and DIR-860L. A remote attacker can exploit the vulnerability by sending a...

6.1CVSS6.3AI score0.01661EPSS
Exploits1References1
CNVD
CNVD
added 2018/03/07 12:0 a.m.3 views

D-Link DIR Series Cross-Site Scripting Vulnerability

D-Link DIR-868L and others are wireless router products from AUO D-Link. A cross-site scripting vulnerability exists in the htdocs/webinc/js/bscsmsinbox.php file in the D-Link DIR-868L, DIR-865L, and DIR-860L. A remote attacker can exploit the vulnerability by sending a specially crafted 'Treturn...

6.1CVSS6.3AI score0.01661EPSS
Exploits1References1
NVD
NVD
added 2018/03/06 8:29 p.m.16 views

CVE-2018-6527

XSS vulnerability in htdocs/webinc/js/advparentctrlmap.php in D-Link DIR-868L DIR868LA1FW112b04 and previous versions, DIR-865L DIR-865LREVAFIRMWAREPATCH1.08.B01 and previous versions, and DIR-860L DIR860LA1FW110b04 and previous versions allows remote attackers to read a cookie via a crafted...

6.1CVSS5.9AI score0.01661EPSS
Exploits1References4
OSV
OSV
added 2018/03/06 8:29 p.m.1 views

CVE-2018-6529

XSS vulnerability in htdocs/webinc/js/bscsmsinbox.php in D-Link DIR-868L DIR868LA1FW112b04 and previous versions, DIR-865L DIR-865LREVAFIRMWAREPATCH1.08.B01 and previous versions, and DIR-860L DIR860LA1FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn...

6.1CVSS5.8AI score0.01661EPSS
Exploits1References4
Rows per page
Query Builder