CVE-2024-51023

D-Link DIR823G 1.0.2B05 was discovered to contain a command injection vulnerability via the Address parameter in the SetNetworkTomographySettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request...

CVE-2022-43109

D-Link DIR-823G v1.0.2 was found to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via a crafted packet...

The vulnerability of the SetNetworkTomographySettings function in D-Link COVR 1200,1202,1203 router microprogramming software allows a hacker to execute arbitrary commands.

The vulnerability of the SetNetworkTomographySettings function in D-Link COVR 1200,1202,1203 router microprogramming software is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands throug...

Command injection

D-Link COVR 1200,1203 v1.08 was discovered to contain a command injection vulnerability via the tomographypingnumber parameter at function SetNetworkTomographySettings...

CVE-2022-42156

D-Link COVR 1200,1203 v1.08 was discovered to contain a command injection vulnerability via the tomographypingnumber parameter at function SetNetworkTomographySettings...

D-Link COVR 命令注入漏洞

D-Link COVR is a series of routers from China-based AUO D-Link. A security vulnerability exists in the D-Link COVR 1200, 1203 v1.08 versions, which originates from a command injection vulnerability contained via the tomographypingnumber parameter in the function SetNetworkTomographySettings...

The vulnerabilities of the DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin microprogramming systems of D-Link DIR-846 allow a hacker to execute arbitrary commands.

The vulnerability of the DIR846A1FW100A43.bin and DIR846enFW100A53DLA-Retail.bin microprogramming systems of D-Link DIR-846 routers is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability can allow a malicious actor to execute arbitrary commands using a...

CVE-2021-46314

A Remote Command Execution RCE vulnerability exists in HNAP1/control/SetNetworkTomographySettings.php of D-Link Router DIR-846 DIR846A1FW100A43.bin and DIR846enFW100A53DLA-Retail.bin because backticks can be used for command injection when judging whether it is a reasonable domain name...

CVE-2021-46314

A Remote Command Execution RCE vulnerability exists in HNAP1/control/SetNetworkTomographySettings.php of D-Link Router DIR-846 DIR846A1FW100A43.bin and DIR846enFW100A53DLA-Retail.bin because backticks can be used for command injection when judging whether it is a reasonable domain name...

D-Link DIR-846 操作系统命令注入漏洞

A command execution vulnerability exists in the D-Link DIR-846, a wireless router from D-Link in Taiwan, China, which originates in the product HNAP1/control/SetNetworkTomographySettings.php file. The vulnerability is caused by the fact that the HNAP1/control/SetNetworkTomographySettings.php file...

CVE-2021-46452

D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via the tomographypingaddress, tomographypingnumber, tomographypingsize,...

CVE-2021-46452

CVE-2021-46452 affects D-Link DIR-823-Pro v1.0.2. A command-injection vulnerability exists in the SetNetworkTomographySettings function, enabling an attacker to execute arbitrary commands via the tomography_ping_address, tomography_ping_number, tomography_ping_size, tomography_ping_timeout, and t...

CVE-2020-21935

A command injection vulnerability in HNAP1/GetNetworkTomographySettings of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to execute arbitrary code...

PT-2018-3894 · D Link · D-Link Dir-846

Name of the Vulnerable Software and Affected Versions: D-Link DIR-846 version 100.26 Description: The issue exists due to the lack of measures to neutralize special elements used in an operating system command. This can be exploited by a remote attacker to execute arbitrary code. The exploitation...