54 matches found
CVE-2025-9727
CVE-2025-9727 affects D-Link DIR-816L firmware 206b01. The issue lies in the soapcgi_main function of /soap.cgi, where the service argument can be manipulated to trigger an OS command injection. Remote exploitation is possible, and public exploits exist. Several connected sources confirm the vuln...
PT-2025-35406
Name of the Vulnerable Software and Affected Versions: D-Link DIR-816L version 206b01 Description: A weakness exists due to the manipulation of the service argument within the soapcgi main function of the /soap.cgi file, leading to OS command injection. Remote exploitation is possible. The exploi...
D-Link DIR-816L 安全漏洞
The D-Link DIR-816L is a dual-band wireless router that supports 2.4GHz and 5GHz bands with a maximum transfer rate of 450Mbps. The D-Link DIR-816L suffers from an os command injection vulnerability that stems from the parameter service in the file /soap.cgi failing to correctly filter constructe...
The vulnerability of the sub_175C8 function in the /htdocs/soap.cgi file of the D-Link DIR-890L and DIR-806A1 router microprogramming system, related to the lack of data cleaning at the control level, allows a perpetrator to execute arbitrary commands.
The vulnerability of the sub175C8 function in the /htdocs/soap.cgi file of the D-Link DIR-890L and DIR-806A1 routers’ microprogramming software is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability can allow an attacker operating remotely to...
D-Link DIR-890L和D-Link DIR-806A1 安全漏洞
D-Link DIR-890L and D-Link DIR-806A1 are both products of China's AUO D-Link.D-Link DIR-890L is a wireless router.D-Link DIR-806A1 is a dual-band wireless router that supports AC750 wireless rate and USB sharing function. The D-Link DIR-890L and D-Link DIR-806A1 suffer from a command injection...
CVE-2024-7357
UNSUPPORTED WHEN ASSIGNED A vulnerability was found in D-Link DIR-600 up to 2.18. It has been rated as critical. This issue affects the function soapcgimain of the file /soap.cgi. The manipulation of the argument service leads to os command injection. The attack may be initiated remotely. The...
CVE-2024-7357 D-Link DIR-600 soap.cgi soapcgi_main os command injection
UNSUPPORTED WHEN ASSIGNED A vulnerability was found in D-Link DIR-600 up to 2.18. It has been rated as critical. This issue affects the function soapcgimain of the file /soap.cgi. The manipulation of the argument service leads to os command injection. The attack may be initiated remotely. The...
Command Injection Vulnerability in Multiple D-Link Products
The D-Link DIR-845, among others, is a wireless router from AUO D-Link of Taiwan, China. A command injection vulnerability exists in the soap.cgi?service=WANIPConn1 URL in multiple D-Link products. The vulnerability stems from a network system or product not properly filtering specific elements o...
The vulnerability of the soapcgi_main function in the soap.cgi script of D-Link DIR-818LW and DIR-860L routers allows a hacker to execute arbitrary commands on the operating system.
The vulnerability of the soapcgimain function in the soap.cgi script /htdocs/cgibin/soap.cgi of the D-Link DIR-818LW and DIR-860L router software is caused by privilege management errors. Exploiting this vulnerability allows an attacker to execute arbitrary operating system commands using the...
CVE-2018-20114
On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices, unauthenticated remote OS command execution can occur in the soap.cgi service of the cgibin binary via an "&&" substring in the service parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-6530...
CVE-2018-20114
CVE-2018-20114 affects D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03. It is tied to an OS command injection in the cgibin soap.cgi service, exploitable via the service parameter containing an ? substring, reflecting an incomplete fix for CVE-2018-6530. Connected documents corrobora...
CVE-2018-20114
On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices, unauthenticated remote OS command execution can occur in the soap.cgi service of the cgibin binary via an "&&" substring in the service parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-6530...
CVE-2018-20114
On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices, unauthenticated remote OS command execution can occur in the soap.cgi service of the cgibin binary via an “&&” substring in the service parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-6530. Recent...
D-Link DIR Routers OS Command Injection Vulnerability (Mar 2018)
D-Link Routers DIR-860L, DIR-865L, DIR-868L and DIR-880L are prone to an OS command injection vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Multiple D-Link Products OS Command Injection Vulnerability
D-Link DIR-880L and others are wireless router products from AUO D-Link. An operating system command injection vulnerability exists in the soap.cgi file in several D-Link products. A remote attacker can exploit this vulnerability to execute arbitrary OS commands with the help of the 'service'...
D-Link DIR Series Cross-Site Scripting Vulnerability (CNVD-2018-06629)
D-Link DIR-868L and others are wireless router products from AUO D-Link. A cross-site scripting vulnerability exists in the htdocs/webinc/body/bscsmssend.php file in the D-Link DIR-868L, DIR-865L, and DIR-860L. A remote attacker can exploit the vulnerability by sending a specially crafted...
D-Link DIR Series Cross-Site Scripting Vulnerability (CNVD-2018-06630)
The D-Link DIR-868L, DIR-865L and DIR-860L are all wireless router products from AUO D-Link. A cross-site scripting vulnerability exists in the htdocs/webinc/js/advparentctrlmap.php file in the D-Link DIR-868L, DIR-865L, and DIR-860L. A remote attacker can exploit the vulnerability by sending a...
D-Link DIR Series Cross-Site Scripting Vulnerability
D-Link DIR-868L and others are wireless router products from AUO D-Link. A cross-site scripting vulnerability exists in the htdocs/webinc/js/bscsmsinbox.php file in the D-Link DIR-868L, DIR-865L, and DIR-860L. A remote attacker can exploit the vulnerability by sending a specially crafted 'Treturn...
CVE-2018-6527
XSS vulnerability in htdocs/webinc/js/advparentctrlmap.php in D-Link DIR-868L DIR868LA1FW112b04 and previous versions, DIR-865L DIR-865LREVAFIRMWAREPATCH1.08.B01 and previous versions, and DIR-860L DIR860LA1FW110b04 and previous versions allows remote attackers to read a cookie via a crafted...
CVE-2018-6529
XSS vulnerability in htdocs/webinc/js/bscsmsinbox.php in D-Link DIR-868L DIR868LA1FW112b04 and previous versions, DIR-865L DIR-865LREVAFIRMWAREPATCH1.08.B01 and previous versions, and DIR-860L DIR860LA1FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn...