Skip to main content

Dir 845L Firmware

9 CVEs product

Monthly

CVE-2024-33113 MEDIUM POC This Month

D-LINK DIR-845L <=v1.01KRb03 is vulnerable to Information disclosurey via bsc_sms_inbox.php. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP Command Injection Dir 845L Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
3.4%
CVE-2024-33112 HIGH POC This Week

D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Command injection via the hnap_main()func. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 845L Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
6.5%
CVE-2024-33111 MEDIUM POC This Month

D-Link DIR-845L router <=v1.01KRb03 is vulnerable to Cross Site Scripting (XSS) via /htdocs/webinc/js/bsc_sms_inbox.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP XSS Dir 845L Firmware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2024-33110 CRITICAL POC Act Now

D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Permission Bypass via the getcfg.php component. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link PHP Dir 845L Firmware
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-29385 CRITICAL POC Act Now

DIR-845L router <= v1.01KRb03 has an Unauthenticated remote code execution vulnerability in the cgibin binary via soapcgi_main function. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

D-Link Command Injection RCE Dir 845L Firmware
NVD GitHub
CVSS 3.1
9.0
EPSS
1.6%
CVE-2024-29366 HIGH POC This Week

A command injection vulnerability exists in the cgibin binary in DIR-845L router firmware <= v1.01KRb03. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 845L Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2022-38557 CRITICAL Act Now

D-Link DIR845L v1.00-v1.03 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dir 845L Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-36756 CRITICAL POC Act Now

DIR845L A1 v1.00-v1.03 is vulnerable to command injection via /htdocs/upnpinc/gena.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection PHP Code Injection Dir 845L Firmware
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2022-36755 CRITICAL POC Act Now

D-Link DIR845L A1 contains a authentication vulnerability via an AUTHORIZED_GROUP=1 value, as demonstrated by a request for getcfg.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass PHP Dir 845L Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
EPSS 3% CVSS 5.3
MEDIUM POC This Month

D-LINK DIR-845L <=v1.01KRb03 is vulnerable to Information disclosurey via bsc_sms_inbox.php. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP Command Injection +1
NVD GitHub
EPSS 6% CVSS 7.5
HIGH POC This Week

D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Command injection via the hnap_main()func. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 845L Firmware
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

D-Link DIR-845L router <=v1.01KRb03 is vulnerable to Cross Site Scripting (XSS) via /htdocs/webinc/js/bsc_sms_inbox.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP XSS +1
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Permission Bypass via the getcfg.php component. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link PHP +1
NVD GitHub
EPSS 2% CVSS 9.0
CRITICAL POC Act Now

DIR-845L router <= v1.01KRb03 has an Unauthenticated remote code execution vulnerability in the cgibin binary via soapcgi_main function. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

D-Link Command Injection RCE +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

A command injection vulnerability exists in the cgibin binary in DIR-845L router firmware <= v1.01KRb03. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 845L Firmware
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

D-Link DIR845L v1.00-v1.03 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dir 845L Firmware
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

DIR845L A1 v1.00-v1.03 is vulnerable to command injection via /htdocs/upnpinc/gena.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection PHP +2
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

D-Link DIR845L A1 contains a authentication vulnerability via an AUTHORIZED_GROUP=1 value, as demonstrated by a request for getcfg.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass PHP +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy