Shodan
Vulnerabilities
Vulnerable Software
Dlink:  >> Dir-823g Firmware  >> 1.0.2b05  Security Vulnerabilities
CVE-2020-25367
A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the Captcha field to Login.
CVSS Score
9.8
EPSS Score
0.24
Published
2021-11-04
CVE-2019-15526
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings, a related issue to CVE-2019-13482.
CVSS Score
8.8
EPSS Score
0.031
Published
2019-08-23
CVE-2019-15527
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the MaxIdTime field to SetWanSettings.
CVSS Score
8.8
EPSS Score
0.036
Published
2019-08-23
CVE-2019-15528
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Interface field to SetStaticRouteSettings.
CVSS Score
8.8
EPSS Score
0.031
Published
2019-08-23
CVE-2019-15529
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Username field to Login.
CVSS Score
8.8
EPSS Score
0.121
Published
2019-08-23
CVE-2019-15530
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the LoginPassword field to Login.
CVSS Score
8.8
EPSS Score
0.031
Published
2019-08-23
CVE-2019-7298
An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body, such as a body of ' /bin/telnetd' for the GetDeviceSettingsset API function. Consequently, an attacker can execute any command remotely when they control this input.
CVSS Score
8.1
EPSS Score
0.398
Published
2019-02-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved