Dlink: Security Vulnerabilities
Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the telnet service and log in using hard-coded credentials. The telnet service enabled through this method can only be accessed from within the same local network as the device.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-09-16
Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote attackers can log in and execute OS commands using hard-coded credentials.
CVSS Score
9.8
EPSS Score
0.022
Published
2024-09-16
Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to log into telnet and inject arbitrary OS commands, which can then be executed on the device.
CVSS Score
9.8
EPSS Score
0.018
Published
2024-09-16
The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device.
CVSS Score
9.8
EPSS Score
0.019
Published
2024-09-16
The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device.
CVSS Score
9.8
EPSS Score
0.025
Published
2024-09-16
D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function.
CVSS Score
9.8
EPSS Score
0.009
Published
2024-09-09
D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the msp_info_htm function.
CVSS Score
9.8
EPSS Score
0.007
Published
2024-09-09
D-Link DI-8100 v16.07.26A1 has a stack overflow vulnerability in the dbsrv_asp function.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-09-09
D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via sub47A60C function in the upgrade_filter.asp file
CVSS Score
9.8
EPSS Score
0.018
Published
2024-09-06
D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via msp_info.htm.
CVSS Score
9.8
EPSS Score
0.018
Published
2024-09-06