Skip to main content

Dir 882 Firmware CVE-2023-26925

HIGH
2023-03-31 cve@mitre.org
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Mar 31, 2023 - 19:15 nvd
HIGH 7.5

DescriptionNVD

An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-882 1.30. A specially crafted network request can lead to the disclosure of sensitive information.

AnalysisAI

An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-882 1.30. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-882 1.30. A specially crafted network request can lead to the disclosure of sensitive information. Affected products include: Dlink Dir-882 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-44807 CRITICAL POC
9.8 Nov 22

D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow via webGetVarString. Rated critical severity (CVSS 9

CVE-2022-44806 CRITICAL POC
9.8 Nov 22

D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerabil

CVE-2022-44804 CRITICAL POC
9.8 Nov 22

D-Link DIR-882 1.10B02 and1.20B06 is vulnerable to Buffer Overflow via the websRedirect function. Rated critical severit

CVE-2022-28901 CRITICAL POC
9.8 May 10

A command injection vulnerability in the component /SetTriggerLEDBlink/Blink of D-Link DIR882 DIR882A1_FW130B06 allows a

CVE-2022-28896 CRITICAL POC
9.8 May 10

A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1_FW130B06 all

CVE-2022-28895 CRITICAL POC
9.8 May 10

A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allo

CVE-2022-28571 CRITICAL POC
9.8 May 02

D-link 882 DIR882A1_FW130B06 was discovered to contain a command injection vulnerability in`/usr/bin/cli. Rated critical

CVE-2022-1262 HIGH POC
7.8 Apr 11

A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interf

CVE-2024-0717 MEDIUM POC
5.3 Jan 19

A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DI

CVE-2020-15633 HIGH
8.8 Jul 23

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-86

CVE-2020-8864 HIGH
8.8 Mar 23

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-86

CVE-2020-8863 HIGH
8.8 Mar 23

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-86

Share

CVE-2023-26925 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy