306 matches found
CVE-2023-51623 D-Link DIR-X3260 prog.cgi SetAPClientSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability
D-Link DIR-X3260 prog.cgi SetAPClientSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this...
CVE-2023-51618
CVE-2023-51618 affects D-Link DIR-X3260. The flaw is a stack-based buffer overflow in prog.cgi handling HNAP requests on lighttpd (ports 80/443). It arises from improper validation of a user-supplied string copied into a fixed-length buffer, enabling remote code execution with root privileges. At...
CVE-2023-51614 D-Link DIR-X3260 prog.cgi SetQuickVPNSettings Password Stack-Based Buffer Overflow Remote Code Execution Vulnerability
D-Link DIR-X3260 prog.cgi SetQuickVPNSettings Password Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this...
CVE-2023-51615 D-Link DIR-X3260 prog.cgi SetQuickVPNSettings PSK Stack-Based Buffer Overflow Remote Code Execution Vulnerability
D-Link DIR-X3260 prog.cgi SetQuickVPNSettings PSK Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this...
CVE-2023-34275
D-Link DIR-2150 SetNTPServerSettings Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the...
CVE-2023-51595
Vulnerability (CVE-2023-51595) : Voltronic Power ViewPower Pro is affected by a SQL injection in the selectDeviceListBy method. The flaw stems from insufficient validation of a user-supplied string used to build SQL queries, allowing an attacker to execute arbitrary code in the context of LOCAL S...
CVE-2023-51586 Voltronic Power ViewPower Pro selectEventConfig SQL Injection Remote Code Execution Vulnerability
Voltronic Power ViewPower Pro selectEventConfig SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The...
CVE-2023-50232
CVE-2023-50232 exposes a remote code execution in Inductive Automation Ignition via a getParams argument injection. The flaw stems from insufficient validation of a user-supplied string used to form a system-call argument, allowing code execution in the context of the current user. Exploitation r...
CVE-2023-50215
CVE-2023-50215 – D-Link G416 : A vulnerability in the HTTP service listening on port 80 on D-Link G416 routers allows remote code execution as root due to improper validation of a user-supplied string before using it in a system call. This enables network-adjacent attackers (no authentication req...
CVE-2023-50204
CVE-2023-50204 describes a command-injection remote code execution in the D-Link G416 wireless router. The flaw resides in the HTTP service (TCP port 80) and stems from insufficient validation of a user-supplied string used to perform a system call, allowing network-adjacent attackers to execute ...
CVE-2023-50198
The CVE-2023-50198 issue affects the D-Link G416 wireless router. A command-injection vulnerability in the HTTP service (port 80) allows network-adjacent attackers to inject commands and execute code with root privileges due to insufficient validation of user-supplied input before a system call. ...
CVE-2023-42122 Control Web Panel wloggui Command Injection Local Privilege Escalation Vulnerability
Control Web Panel wloggui Command Injection Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Control Web Panel. An attacker must first obtain the ability to execute low-privileged code on the target system in...
CVE-2023-42120 Control Web Panel dns_zone_editor Command Injection Remote Code Execution Vulnerability
Control Web Panel dnszoneeditor Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Control Web Panel. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
CVE-2023-41221 D-Link DIR-3040 prog.cgi SetWLanRadioSecurity Stack-Based Buffer Overflow Remote Code Execution Vulnerability
D-Link DIR-3040 prog.cgi SetWLanRadioSecurity Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this...
CVE-2023-41223 D-Link DIR-3040 prog.cgi SetQuickVPNSettings PSK Stack-Based Buffer Overflow Remote Code Execution Vulnerability
D-Link DIR-3040 prog.cgi SetQuickVPNSettings PSK Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this...
CVE-2023-41218 D-Link DIR-3040 prog.cgi SetWan3Settings Stack-Based Buffer Overflow Remote Code Execution Vulnerability
D-Link DIR-3040 prog.cgi SetWan3Settings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this vulnerability...
CVE-2023-41217
CVE-2023-41217 affects D-Link DIR-3040 routers. The vulnerability resides in the prog.cgi handling of HNAP requests to the lighttpd webserver on ports 80/443, where unsafely copied user input into a fixed-length stack buffer leads to a stack-based buffer overflow . This permits remote code execut...
CVE-2023-41198
CVE-2023-41198 impacts the D-Link DAP-1325 router. The flaw is in the HNAP1 endpoint under the function SetHostIPv6StaticSettings, specifically the StaticDNS1 parameter. Lack of validation of a user-supplied string leads to command injection and remote code execution with root privileges. Attack ...
CVE-2023-34278
CVE-2023-34278 concerns the D-Link DIR-2150 router. The vulnerability lies in the SOAP API interface (listening on port 80) where a user-supplied string is not properly validated before being used in a system call, allowing a network-adjacent attacker to execute code with root privileges. Authent...
CVE-2023-34275 D-Link DIR-2150 SetNTPServerSettings Command Injection Remote Code Execution Vulnerability
D-Link DIR-2150 SetNTPServerSettings Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the...