Shodan
Vulnerabilities
Vulnerable Software
Dlink:  >> Dir-825  Security Vulnerabilities
CVE-2021-29296
Null Pointer Dereference vulnerability in D-Link DIR-825 2.10b02, which could let a remote malicious user cause a denial of service. The vulnerability could be triggered by sending an HTTP request with URL /vct_wan; the sbin/httpd would invoke the strchr function and take NULL as a first argument, which finally leads to the segmentation fault. NOTE: The DIR-825 and all hardware revisions is considered End of Life and as such this issue will not be patched
CVSS Score
7.5
EPSS Score
0.003
Published
2021-08-10
CVE-2020-29557
Known exploited
An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overflow in the web interface allows attackers to achieve pre-authentication remote code execution.
CVSS Score
9.8
EPSS Score
0.917
Published
2021-01-29
CVE-2020-10213
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the wps_sta_enrollee_pin parameter in a set_sta_enrollee_pin.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.
CVSS Score
8.8
EPSS Score
0.046
Published
2020-03-07
CVE-2020-10214
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is a stack-based buffer overflow in the httpd binary. It allows an authenticated user to execute arbitrary code via a POST to ntp_sync.cgi with a sufficiently long parameter ntp_server.
CVSS Score
8.8
EPSS Score
0.02
Published
2020-03-07
CVE-2020-10215
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the dns_query_name parameter in a dns_query.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.
CVSS Score
8.8
EPSS Score
0.041
Published
2020-03-07
CVE-2020-10216
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the date parameter in a system_time.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.
CVSS Score
8.8
EPSS Score
0.046
Published
2020-03-07
CVE-2019-16920
Known exploited
Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.
CVSS Score
9.8
EPSS Score
0.943
Published
2019-09-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved