CVE-2023-41225

Affected software: D-Link DIR-3040 router. Vulnerability: prog.cgi SetIPv6PppoeSettings handles HNAP requests over the lighttpd webserver and contains a stack-based buffer overflow due to improper validation of a user-supplied string copied into a fixed-size buffer, enabling remote code execution...

CVE-2023-41221

The CVE-2023-41221 issue affects D-Link DIR-3040 routers, specifically the prog.cgi SetWLanRadioSecurity function. The flaw is a stack-based buffer overflow in the prog.cgi binary that processes HNAP requests for the lighttpd webserver (on TCP ports 80/443). This occurs due to insufficient valida...

CVE-2023-41223 D-Link DIR-3040 prog.cgi SetQuickVPNSettings PSK Stack-Based Buffer Overflow Remote Code Execution Vulnerability

D-Link DIR-3040 prog.cgi SetQuickVPNSettings PSK Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this...

CVE-2023-41218 D-Link DIR-3040 prog.cgi SetWan3Settings Stack-Based Buffer Overflow Remote Code Execution Vulnerability

D-Link DIR-3040 prog.cgi SetWan3Settings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this vulnerability...

CVE-2023-41217 D-Link DIR-3040 prog.cgi SetQuickVPNSettings Password Stack-Based Buffer Overflow Remote Code Execution Vulnerability

D-Link DIR-3040 prog.cgi SetQuickVPNSettings Password Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this...

CVE-2023-41215 D-Link DAP-2622 DDP Set Date-Time Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Set Date-Time Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The...

CVE-2023-41212 D-Link DAP-1325 SetTriggerAPValidate Key Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1325 SetTriggerAPValidate Key Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this...

CVE-2023-41211 D-Link DAP-1325 SetHostIPv6StaticSettings StaticPrefixLength Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1325 SetHostIPv6StaticSettings StaticPrefixLength Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to...

CVE-2023-41209 D-Link DAP-1325 SetHostIPv6StaticSettings StaticDNS1 Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1325 SetHostIPv6StaticSettings StaticDNS1 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this...

CVE-2023-41208 D-Link DAP-1325 SetHostIPv6StaticSettings StaticDefaultGateway Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1325 SetHostIPv6StaticSettings StaticDefaultGateway Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to...

CVE-2023-41208 D-Link DAP-1325 SetHostIPv6StaticSettings StaticDefaultGateway Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1325 SetHostIPv6StaticSettings StaticDefaultGateway Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to...

CVE-2023-41208

The CVE concerns D-Link DAP-1325 devices exposing a SetHostIPv6StaticSettings StaticDefaultGateway stack-based buffer overflow in the HNAP1 SOAP endpoint. The root cause is improper validation of the length of user-supplied XML data before copying it into a fixed-size stack buffer, enabling netwo...

CVE-2023-41206 D-Link DAP-1325 SetHostIPv6Settings IPv6Mode Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1325 SetHostIPv6Settings IPv6Mode Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this...

CVE-2023-41202

CVE-2023-41202 affects D-Link DAP-1325 via the SetAPLanSettings mode. The flaw is a stack-based buffer overflow in processing XML data sent to the HNAP1 SOAP endpoint, caused by insufficient validation of user-supplied data length, allowing network-adjacent attackers to execute arbitrary code wit...

CVE-2023-41203 D-Link DAP-1325 SetAPLanSettings PrimaryDNS Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1325 SetAPLanSettings PrimaryDNS Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this...

CVE-2023-40478 NETGEAR RAX30 Telnet CLI passwd Stack-based Buffer Overflow Remote Code Execution Vulnerability

NETGEAR RAX30 Telnet CLI passwd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, th...

CVE-2023-38094

CVE-2023-38094 affects Kofax Power PDF through the replacePages function, where a stack-based buffer is overflowed due to improper validation of user-supplied data length. This enables remote code execution with the attacker’s code running in the process context. Exploitation requires user intera...

CVE-2023-38092

CVE-2023-38092 affects Kofax Power PDF. The vulnerability resides in the importDataObject method, caused by insufficient validation of the length of user-supplied data before copying to a fixed-length stack-based buffer, enabling a stack-based buffer overflow and remote code execution. Exploitati...

CVE-2023-38092 Kofax Power PDF importDataObject Stack-based Buffer Overflow Remote Code Execution Vulnerability

Kofax Power PDF importDataObject Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must...

CVE-2023-37322

CVE-2023-37322 affects D-Link DAP-2622 routers, in the DDP Set SSID List RADIUS server. The flaw is a stack-based buffer overflow caused by improper validation of user-supplied data length before copying to a fixed-length buffer, enabling remote code execution in the context of root by network-ad...