Dir-823g Firmware Security Vulnerabilities and Issues — Dir-823g Firmware CVE List

Lucene search

D-linkDir-823g Firmware

5 matches found

CVE•added 2018/10/02 6:29 p.m.•46 views

CVE-2018-17787

On D-Link DIR-823G devices, the GoAhead configuration allows /HNAP1 Command Injection via shell metacharacters in the POST data, because this data is sent directly to the "system" library function.

9.8CVSS9.5AI score0.23204EPSS

CVE•added 2018/10/02 6:29 p.m.•39 views

CVE-2018-17786

On D-Link DIR-823G devices, ExportSettings.sh, upload_settings.cgi, GetDownLoadSyslog.sh, and upload_firmware.cgi do not require authentication, which allows remote attackers to execute arbitrary code.

9.8CVSS9.7AI score0.14226EPSS

CVE•added 2018/10/03 8:29 p.m.•38 views

CVE-2018-17881

On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 SetPasswdSettings commands without authentication to trigger an admin password change.

9.8CVSS9.6AI score0.01368EPSS

CVE•added 2018/10/03 8:29 p.m.•36 views

CVE-2018-17880

On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 RunReboot commands without authentication to trigger a reboot.

7.8CVSS7.7AI score0.0129EPSS

CVE•added 2019/01/31 10:29 p.m.•36 views

CVE-2019-7297

An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via shell metacharacters in a crafted /HNAP1 request. This occurs when the GetNetworkTomographyResult function calls the system funct...

10CVSS9.8AI score0.21272EPSS