Lucene search

K

Dir-825 Firmware Security Vulnerabilities

cve
cve

CVE-2019-16920

Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers t...

9.8CVSS

9.8AI Score

0.971EPSS

2019-09-27 12:15 PM
943
In Wild
2
cve
cve

CVE-2020-10213

An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the wps_sta_enrollee_pin parameter in a set_sta_enrollee_pin.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.

8.8CVSS

9AI Score

0.003EPSS

2020-03-07 01:15 AM
151
cve
cve

CVE-2020-10214

An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is a stack-based buffer overflow in the httpd binary. It allows an authenticated user to execute arbitrary code via a POST to ntp_sync.cgi with a sufficiently long parameter ntp_server.

8.8CVSS

8.9AI Score

0.001EPSS

2020-03-07 01:15 AM
144
cve
cve

CVE-2020-10215

An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the dns_query_name parameter in a dns_query.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.

8.8CVSS

9AI Score

0.003EPSS

2020-03-07 01:15 AM
149
cve
cve

CVE-2020-10216

An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the date parameter in a system_time.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.

8.8CVSS

9AI Score

0.003EPSS

2020-03-07 01:15 AM
148
cve
cve

CVE-2021-29296

Null Pointer Dereference vulnerability in D-Link DIR-825 2.10b02, which could let a remote malicious user cause a denial of service. The vulnerability could be triggered by sending an HTTP request with URL /vct_wan; the sbin/httpd would invoke the strchr function and take NULL as a first argument, ...

7.5CVSS

7.4AI Score

0.001EPSS

2021-08-10 08:15 PM
39
cve
cve

CVE-2021-46441

In the "webupg" binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use "cmd" parameters to execute arbitrary system commands after obtaining authorization.

8.8CVSS

9.6AI Score

0.004EPSS

2022-04-27 11:15 AM
70
cve
cve

CVE-2021-46442

In the "webupg" binary of D-Link DIR-825 G1, attackers can bypass authentication through parameters "autoupgrade.asp", and perform functions such as downloading configuration files and updating firmware without authorization.

9.8CVSS

9.7AI Score

0.003EPSS

2022-04-27 11:15 AM
61
cve
cve

CVE-2022-29332

D-LINK DIR-825 AC1200 R2 is vulnerable to Directory Traversal. An attacker could use the "../../../../" setting of the FTP server folder to set the router's root folder for FTP access. This allows you to access the entire router file system via the FTP server.

6.5CVSS

6.4AI Score

0.001EPSS

2022-05-17 02:15 PM
43
2
cve
cve

CVE-2022-47035

Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedded and below allows attacker to execute arbitrary code via the GetConfig method to the /CPE endpoint.

9.8CVSS

9.7AI Score

0.003EPSS

2023-01-31 04:15 PM
26
cve
cve

CVE-2024-0717

A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-...

5.3CVSS

5.3AI Score

0.001EPSS

2024-01-19 04:15 PM
40