Dir-878 Firmware Security Vulnerabilities and Issues — Dir-878 Firmware CVE List

Lucene search

DlinkDir-878 Firmware

35 matches found

CVE•added 2024/01/19 4:15 p.m.•120 views

CVE-2024-0717

A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-...

5.3CVSS5.3AI score0.19519EPSS

CVE•added 2022/04/11 8:15 p.m.•84 views

CVE-2022-1262

A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root.

7.8CVSS8AI score0.00406EPSS

CVE•added 2022/04/07 7:15 p.m.•73 views

CVE-2022-26670

D-Link DIR-878 has inadequate filtering for special characters in the webpage input field. An unauthenticated LAN attacker can perform command injection attack to execute arbitrary system commands to control the system or disrupt service.

8.8CVSS9.4AI score0.05767EPSS

CVE•added 2023/01/26 6:59 p.m.•72 views

CVE-2022-41140

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple D-Link routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the lighttpd service, which listens on TCP port 80 by default. The issue...

8.8CVSS8.9AI score0.01947EPSS

CVE•added 2022/02/04 2:15 a.m.•59 views

CVE-2021-44880

D-Link devices DIR_878 DIR_878_FW1.30B08_Hotfix_02 and DIR_882 DIR_882_FW1.30B06_Hotfix_02 were discovered to contain a command injection vulnerability in the system function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request.

10CVSS9.9AI score0.16649EPSS

CVE•added 2021/04/02 8:15 p.m.•58 views

CVE-2021-30072

An issue was discovered in prog.cgi on D-Link DIR-878 1.30B08 devices. Because strcat is misused, there is a stack-based buffer overflow that does not require authentication.

9.8CVSS9.6AI score0.00547EPSS

CVE•added 2022/02/04 2:15 a.m.•55 views

CVE-2021-44882

D-Link device DIR_878_FW1.30B08_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request.

10CVSS9.8AI score0.08686EPSS

CVE•added 2020/03/23 9:15 p.m.•50 views

CVE-2020-8863

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login req...

8.8CVSS9AI score0.01769EPSS

CVE•added 2020/03/23 9:15 p.m.•49 views

CVE-2020-8864

8.8CVSS9.1AI score0.11332EPSS

CVE•added 2025/01/15 7:15 p.m.•46 views

CVE-2025-0481

A vulnerability classified as problematic has been found in D-Link DIR-878 1.03. Affected is an unknown function of the file /dllog.cgi of the component HTTP POST Request Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been di...

7.5CVSS5.2AI score0.00044EPSS

CVE•added 2022/10/19 2:15 p.m.•43 views

CVE-2022-43184

D-Link DIR878 1.30B08 Hotfix_04 was discovered to contain a command injection vulnerability via the component /bin/proc.cgi.

9.8CVSS9.7AI score0.01786EPSS

CVE•added 2023/04/09 9:15 p.m.•43 views

CVE-2023-27720

D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_48d630 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

9.8CVSS9.7AI score0.0115EPSS

CVE•added 2024/10/17 6:15 p.m.•43 views

CVE-2024-48629

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the IPAddress parameter in the SetGuestZoneRouterSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.

8CVSS8.7AI score0.01787EPSS

CVE•added 2024/10/17 6:15 p.m.•42 views

CVE-2024-48632

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the LocalIPAddress, TCPPorts, and UDPPorts parameters in the SetPortForwardingSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a ...

8CVSS8.7AI score0.00733EPSS

CVE•added 2024/10/17 6:15 p.m.•42 views

CVE-2024-48633

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the ExternalPort, InternalPort, ProtocolNumber, and LocalIPAddress parameters in the SetVirtualServerSettings function. This vulnerability allows attackers to execute arbit...

8CVSS8.7AI score0.00733EPSS

CVE•added 2022/11/22 3:15 p.m.•41 views

CVE-2022-44801

D-Link DIR-878 1.02B05 is vulnerable to Incorrect Access Control.

9.8CVSS9.4AI score0.01408EPSS

CVE•added 2024/10/17 6:15 p.m.•41 views

CVE-2024-48634

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the key parameter in the SetWLanRadioSecurity function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.

8CVSS8.7AI score0.00733EPSS

CVE•added 2024/10/17 6:15 p.m.•41 views

CVE-2024-48638

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the SubnetMask parameter in the SetGuestZoneRouterSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.

8CVSS8.7AI score0.01787EPSS

CVE•added 2019/02/13 3:29 a.m.•40 views

CVE-2019-8314

An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request...

9CVSS9AI score0.01524EPSS

CVE•added 2022/11/22 3:15 p.m.•40 views

CVE-2022-44202

D-Link DIR878 1.02B04 and 1.02B05 are vulnerable to Buffer Overflow.

9.8CVSS9.4AI score0.01957EPSS

CVE•added 2019/02/13 3:29 a.m.•39 views

CVE-2019-8318

9CVSS9AI score0.01524EPSS

CVE•added 2024/10/17 6:15 p.m.•39 views

CVE-2024-48630

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the MacAddress parameter in the SetMACFilters2 function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.

8CVSS8.7AI score0.00733EPSS

CVE•added 2023/04/07 2:15 a.m.•38 views

CVE-2023-24799

D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_48AF78 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

9.8CVSS9.7AI score0.00502EPSS

CVE•added 2024/10/17 6:15 p.m.•38 views

CVE-2024-48635

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:2/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.

8CVSS8.7AI score0.01787EPSS

CVE•added 2019/02/13 3:29 a.m.•37 views

CVE-2019-8312

9CVSS9AI score0.01524EPSS

CVE•added 2019/02/13 3:29 a.m.•37 views

CVE-2019-8319

9CVSS9AI score0.01524EPSS

CVE•added 2023/04/07 2:15 a.m.•37 views

CVE-2023-24798

D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_475FB0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

9.8CVSS9.7AI score0.00502EPSS

CVE•added 2019/02/13 3:29 a.m.•36 views

CVE-2019-8316

9CVSS9AI score0.01533EPSS

CVE•added 2024/10/17 6:15 p.m.•36 views

CVE-2024-48636

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:0/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.

8CVSS8.7AI score0.01787EPSS

CVE•added 2019/02/13 3:29 a.m.•34 views

CVE-2019-8313

9CVSS9AI score0.01524EPSS

CVE•added 2023/04/07 2:15 a.m.•34 views

CVE-2023-24800

D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_495220 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

9.8CVSS9.7AI score0.00681EPSS

CVE•added 2024/10/17 6:15 p.m.•34 views

CVE-2024-48637

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:1/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.

8CVSS8.7AI score0.01787EPSS

CVE•added 2019/02/13 3:29 a.m.•33 views

CVE-2019-8317

9CVSS9AI score0.01524EPSS

CVE•added 2024/10/17 6:15 p.m.•33 views

CVE-2024-48631

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the SSID parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.

8CVSS8.7AI score0.01787EPSS

CVE•added 2019/02/13 3:29 a.m.•32 views

CVE-2019-8315

9CVSS9.1AI score0.01524EPSS