Dlink: >> Dap-1650 Firmware Security Vulnerabilities
Directory Traversal vulnerability in D-Link DAP-1650 Firmware v.1.03 allows a local attacker to escalate privileges via the hedwig.cgi component.
CVSS Score
9.3
EPSS Score
0.002
Published
2024-07-16
A command injection vulnerability exists in the gena.cgi module of D-Link DAP-1650 devices. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root.
CVSS Score
9.6
EPSS Score
0.1
Published
2024-01-26
A command injection vulnerability exists in D-Link DAP-1650 devices when handling UPnP SUBSCRIBE messages. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root.
CVSS Score
9.6
EPSS Score
0.1
Published
2024-01-26
In D-Link DAP1650 v1.04 firmware, the fileaccess.cgi program in the firmware has a buffer overflow vulnerability caused by strncpy.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-09-08
An issue was discovered on D-Link DAP-1650 devices through v1.03b07 before 1.04B02_J65H Hot Fix. Attackers can bypass authentication via forceful browsing.
CVSS Score
9.8
EPSS Score
0.002
Published
2020-12-30
An issue was discovered on D-Link DAP-1650 devices before 1.04B02_J65H Hot Fix. Attackers can execute arbitrary commands.
CVSS Score
9.8
EPSS Score
0.009
Published
2020-03-21