Shodan
Vulnerabilities
Vulnerable Software
Dlink:  >> Dir-823g  Security Vulnerabilities
CVE-2019-15526
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings, a related issue to CVE-2019-13482.
CVSS Score
8.8
EPSS Score
0.032
Published
2019-08-23
CVE-2019-15527
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the MaxIdTime field to SetWanSettings.
CVSS Score
8.8
EPSS Score
0.037
Published
2019-08-23
CVE-2019-15528
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Interface field to SetStaticRouteSettings.
CVSS Score
8.8
EPSS Score
0.032
Published
2019-08-23
CVE-2019-15529
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Username field to Login.
CVSS Score
8.8
EPSS Score
0.125
Published
2019-08-23
CVE-2019-15530
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the LoginPassword field to Login.
CVSS Score
8.8
EPSS Score
0.032
Published
2019-08-23
CVE-2019-13128
An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the IPAddress or Gateway field to SetStaticRouteSettings.
CVSS Score
8.8
EPSS Score
0.125
Published
2019-07-01
CVE-2019-8392
An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to enable Guest Wi-Fi via the SetWLanRadioSettings HNAP API to the web service provided by /bin/goahead.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-02-17
CVE-2019-7388
An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to get sensitive information (such as MAC address) about all clients in the WLAN via the GetClientInfo HNAP API. Consequently, an attacker can achieve information disclosure without authentication.
CVSS Score
7.5
EPSS Score
0.015
Published
2019-02-05
CVE-2019-7389
An issue was discovered in /bin/goahead on D-Link DIR-823G devices with the firmware 1.02B03. There is incorrect access control allowing remote attackers to reset the router without authentication via the SetFactoryDefault HNAP API. Consequently, an attacker can achieve a denial-of-service attack without authentication.
CVSS Score
7.5
EPSS Score
0.031
Published
2019-02-05
CVE-2019-7390
An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to hijack the DNS service configuration of all clients in the WLAN, without authentication, via the SetWanSettings HNAP API.
CVSS Score
8.6
EPSS Score
0.01
Published
2019-02-05


Products
Pricing
Contact Us

Shodan ® - All rights reserved