Dlink: >> Dir-823g Security Vulnerabilities
A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /HNAP1 requests. Before the HNAP API function can process the request, the system function executes an untrusted command that triggers the vulnerability.
CVSS Score
9.8
EPSS Score
0.053
Published
2022-11-22
D-Link DIR823G 1.02B05 is vulnerable to Commad Injection.
CVSS Score
9.8
EPSS Score
0.01
Published
2022-11-22
D-Link DIR-823G v1.0.2 was found to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via a crafted packet.
CVSS Score
9.8
EPSS Score
0.011
Published
2022-11-03
An Access Control vulnerability exists in D-Link DIR-823G REVA1 1.02B05 (Lastest) via any parameter in the HNAP1 function
CVSS Score
9.8
EPSS Score
0.034
Published
2022-04-07
An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attackers to cause a denial of service (DoS) via unspecified vectors.
CVSS Score
9.1
EPSS Score
0.005
Published
2021-11-04
A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the PrivateLogin field to Login.
CVSS Score
9.8
EPSS Score
0.415
Published
2021-11-04
A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the Captcha field to Login.
CVSS Score
9.8
EPSS Score
0.301
Published
2021-11-04
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings, a related issue to CVE-2019-13482.
CVSS Score
8.8
EPSS Score
0.032
Published
2019-08-23
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the MaxIdTime field to SetWanSettings.
CVSS Score
8.8
EPSS Score
0.037
Published
2019-08-23
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Interface field to SetStaticRouteSettings.
CVSS Score
8.8
EPSS Score
0.032
Published
2019-08-23