Stack overflow

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the fn parameter in the tgfile.asp function...

Stack overflow

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the prev parameter in the H5/login.cgi function...

CVE-2023-43201

The CVE-2023-43201 issue affects D-Link DI-7200GV2.E1 (v21.04.09E1). A stack overflow is triggered via the hi_up parameter in the qos_ext.asp function, as reported by multiple sources. Impact is described as high for confidentiality, integrity, and availability. Connected documents confirm the vu...

CVE-2023-43196

D-Link DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the znjb parameter in the arpsys.asp function...

CVE-2023-43199

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the prev parameter in the H5/login.cgi function...

CVE-2023-43197

Affected product: D-Link DI-7200GV2.E1 (firmware 21.04.09E1). Issue: stack overflow in tgfile.asp when processing the fn parameter, effectively a buffer overflow in memory. Impact: can compromise confidentiality, integrity, and availability per the provided documents. Root cause: improper handlin...

CVE-2023-43196

CVE-2023-43196 affects D-Link DI-7200GV2.E1 (firmware v21.04.09E1). A stack overflow is triggered by processing the zn_jb parameter in the arp_sys.asp function, enabling a network-borne issue with high impact. The NVD entry assigns a CVSSv3.1 base score of 9.8 (CRITICAL) with network attack vecto...

CVE-2021-46228

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function httpddebug.asp. This vulnerability allows attackers to execute arbitrary commands via the time parameter...

CVE-2021-46229

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function usbpaswd.asp. This vulnerability allows attackers to execute arbitrary commands via the name parameter...

Command injection

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function wgettest.asp. This vulnerability allows attackers to execute arbitrary commands via the url parameter...

Command injection

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function proxyclient.asp. This vulnerability allows attackers to execute arbitrary commands via the proxysrv, proxysrvport, proxylanip, proxylanport parameters...

CVE-2021-46226

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function wgettest.asp. This vulnerability allows attackers to execute arbitrary commands via the url parameter...

CVE-2021-46228

CVE-2021-46228 affects D-Link DI-7200GV2.E1 (firmware v21.04.09E1). The vulnerability is a command-injection in the httpd_debug.asp function, exploitable via the time parameter to execute arbitrary commands. The CVE entry notes potential arbitrary command execution with a network-access attack su...

CVE-2021-46229

CVE-2021-46229 affects D-Link DI-7200GV2.E1 (v21.04.09E1); vulnerability is a command injection in the usb_paswd.asp function, exploitable via the name parameter to execute arbitrary commands. Root cause: insufficient input validation in usb_paswd.asp. Impact: high (remote code execution, partial...