Dir-823g Firmware Security Vulnerabilities and Issues — Dir-823g Firmware CVE List

Lucene search

D-linkDir-823g Firmware

13 matches found

CVE•added 2023/06/29 4:15 p.m.•110 views

CVE-2023-26613

An OS command injection vulnerability in D-Link DIR-823G firmware version 1.02B05 allows unauthorized attackers to execute arbitrary operating system commands via a crafted GET request to EXCU_SHELL.

9.8CVSS9.7AI score0.68946EPSS

CVE•added 2023/09/21 1:15 p.m.•103 views

CVE-2023-43235

D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter StartTime and EndTime in SetWifiDownSettings.

9.8CVSS9.6AI score0.01914EPSS

CVE•added 2023/06/29 4:15 p.m.•96 views

CVE-2023-26612

D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the HostName field in SetParentsControlInfo.

9.8CVSS9.7AI score0.02078EPSS

CVE•added 2024/09/06 4:15 p.m.•50 views

CVE-2024-44408

D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to Information Disclosure. The device allows unauthorized configuration file downloads, and the downloaded configuration files contain plaintext user passwords.

7.5CVSS6.8AI score0.0053EPSS

CVE•added 2023/06/29 4:15 p.m.•47 views

CVE-2023-26616

D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the URL field in SetParentsControlInfo.

9.8CVSS9.7AI score0.02078EPSS

CVE•added 2018/10/02 6:29 p.m.•45 views

CVE-2018-17787

On D-Link DIR-823G devices, the GoAhead configuration allows /HNAP1 Command Injection via shell metacharacters in the POST data, because this data is sent directly to the "system" library function.

9.8CVSS9.5AI score0.23204EPSS

CVE•added 2024/04/29 6:15 p.m.•41 views

CVE-2024-33345

D-Link DIR-823G A1V1.0.2B05 was found to contain a Null-pointer dereference in the main function of upload_firmware.cgi, which allows remote attackers to cause a Denial of Service (DoS) via a crafted input.

6.5CVSS6.9AI score0.00282EPSS

CVE•added 2018/10/02 6:29 p.m.•38 views

CVE-2018-17786

On D-Link DIR-823G devices, ExportSettings.sh, upload_settings.cgi, GetDownLoadSyslog.sh, and upload_firmware.cgi do not require authentication, which allows remote attackers to execute arbitrary code.

9.8CVSS9.7AI score0.14226EPSS

CVE•added 2023/09/21 1:15 p.m.•38 views

CVE-2023-43241

D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter TXPower and GuardInt in SetWLanRadioSecurity.

9.8CVSS9.6AI score0.01914EPSS

CVE•added 2018/10/03 8:29 p.m.•37 views

CVE-2018-17881

On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 SetPasswdSettings commands without authentication to trigger an admin password change.

9.8CVSS9.6AI score0.01368EPSS

CVE•added 2023/06/28 3:15 p.m.•36 views

CVE-2023-26615

D-Link DIR-823G firmware version 1.02B05 has a password reset vulnerability, which originates from the SetMultipleActions API, allowing unauthorized attackers to reset the WEB page management password.

7.5CVSS8AI score0.00084EPSS

CVE•added 2019/01/31 10:29 p.m.•35 views

CVE-2019-7297

An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via shell metacharacters in a crafted /HNAP1 request. This occurs when the GetNetworkTomographyResult function calls the system funct...

10CVSS9.8AI score0.21272EPSS

CVE•added 2018/10/03 8:29 p.m.•34 views

CVE-2018-17880

On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 RunReboot commands without authentication to trigger a reboot.

7.8CVSS7.7AI score0.0129EPSS