D-Link

450 CVEs vendor

CVE-2025-70238 HIGH POC This Week

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard52. [CVSS 7.5 HIGH]

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-3741 LOW POC Monitor

A security vulnerability has been detected in YiFang CMS 2.0.5. The affected element is the function update of the file app/db/admin/D_friendLink.php. [CVSS 3.5 LOW]

D-Link PHP XSS
NVD GitHub VulDB
CVSS 3.1
3.5
EPSS
0.0%
CVE-2026-29786 MEDIUM POC PATCH This Month

Path traversal in node-tar versions prior to 7.5.10 allows local attackers to write files outside the intended extraction directory by exploiting drive-relative link targets during archive extraction. An attacker with the ability to create or modify tar archives can overwrite arbitrary files on the system with elevated privileges. Public exploit code exists for this vulnerability affecting Node.js, D-Link, and Tar products.

D-Link Node.js Tar
NVD GitHub
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-29165 CRITICAL Act Now

Privilege escalation in D-Link DIR-1253 MESH V1.6.1684 via etc/shadow.sample.

D-Link Privilege Escalation
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70233 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetEnableWizard. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70232 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetMACFilter. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70231 CRITICAL POC Act Now

Path traversal in D-Link DIR-513 verification code processing. PoC available.

D-Link Path Traversal Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70230 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDDNS. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70229 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSchedule. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70222 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin, goform/getAuthCode. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70225 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWWConfig. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70221 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-46108 CRITICAL POC Act Now

D-Link DIR-513 A1FW110 is vulnerable to a buffer overflow in the function formTcpipSetup. [CVSS 9.8 CRITICAL]

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70219 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formDeviceReboot. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70226 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWizard. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70223 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvNetwork. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70220 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAutoDetecWAN_wizard4. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70218 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvFirewall. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-3485 CRITICAL POC Act Now

Command injection in D-Link DIR-868L via SSDP service. PoC available.

D-Link Command Injection Dir 868l Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-70240 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard51. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70239 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard55. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70234 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetQoS. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70241 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWANType_Wizard5. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70237 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetPortTr. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70236 CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDomainFilter. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-71057 HIGH This Week

Improper session management in D-Link Wireless N 300 ADSL2+ Modem Router DSL-124 ME_1.00 allows attackers to execute a session hijacking attack via spoofing the IP address of an authenticated user. [CVSS 8.2 HIGH]

D-Link
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-2962 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 1.01.07 firmware's scheduled reboot configuration endpoint allows authenticated remote attackers to achieve full system compromise through the submit-url parameter. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw requires valid credentials but has a high attack surface due to network accessibility and the severity of potential impacts including code execution and data exfiltration.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2961 HIGH POC This Week

Remote code execution in D-Link DWR-M960 firmware through a stack buffer overflow in the VPN configuration endpoint allows authenticated attackers to execute arbitrary code by manipulating the submit-url parameter. The vulnerability affects firmware version 1.01.07 and public exploit code exists, though no patch is currently available.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2960 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows authenticated remote attackers to execute arbitrary code by manipulating the submit-url parameter in the /boafrm/formDhcpv6s function. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2959 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware (version 1.01.07) allows authenticated attackers to achieve remote code execution via a malicious URL parameter in the /boafrm/formNewSchedule function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but no user interaction, posing a significant risk to affected devices.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2958 HIGH POC This Week

Remote code execution in D-Link DWR-M960 firmware 1.01.07 via stack-based buffer overflow in the /boafrm/formWsc endpoint allows authenticated attackers to achieve full system compromise through manipulation of the save_apply parameter. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2934 LOW POC Monitor

A security vulnerability has been detected in YiFang CMS up to 2.0.5. This impacts the function update of the file app/db/admin/D_friendLinkGroup.php of the component Extended Management Module. [CVSS 2.4 LOW]

D-Link PHP XSS
NVD GitHub VulDB
CVSS 3.1
2.4
EPSS
0.0%
CVE-2026-2929 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows authenticated remote attackers to achieve arbitrary code execution by manipulating the submit-url parameter in the wireless access control endpoint. Public exploit code exists for this vulnerability, and no patch is currently available.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2928 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware (version 1.01.07) WLAN encryption configuration endpoint allows authenticated remote attackers to execute arbitrary code with high integrity and confidentiality impact. The vulnerability exists in the submit-url parameter handling within the /boafrm/formWlEncrypt component and has public exploit code available. No patch is currently available for this vulnerability.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2927 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to achieve code execution by manipulating the submit-url parameter in the Operation Mode Configuration endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can leverage this flaw to fully compromise affected devices.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2926 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to execute arbitrary code by manipulating the submit-url parameter in the LTE Configuration endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can leverage this flaw to achieve complete system compromise including confidentiality, integrity, and availability breaches.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2925 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to achieve complete system compromise through manipulation of the submit-url parameter in the Bridge VLAN Configuration endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can execute arbitrary code with full system privileges.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2885 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 1.01.07 firmware allows remote authenticated attackers to achieve complete system compromise through crafted input to the IPv6 setup function. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can execute arbitrary code with full system privileges.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2884 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to achieve arbitrary code execution through a malformed submit-url parameter in the WAN interface configuration handler. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can leverage this to gain complete system compromise.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2883 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows remote attackers with low privileges to achieve complete system compromise through manipulation of the submit-url parameter in the /boafrm/formIpQoS function. Public exploit code exists for this vulnerability and no patch is currently available, creating immediate risk for affected deployments.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2882 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to achieve arbitrary code execution by manipulating the submit-url parameter in the /boafrm/formDosCfg function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires low complexity with no user interaction, affecting device confidentiality, integrity, and availability.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2881 HIGH POC This Week

Remote code execution in D-Link DWR-M960 firmware through stack-based buffer overflow in the Advanced Firewall Configuration endpoint allows authenticated attackers to achieve complete system compromise. The vulnerability exists in the /boafrm/formFirewallAdv component where improper input validation on the submit-url parameter enables stack overflow attacks. Public exploit code is available and no patch has been released.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2857 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows authenticated remote attackers to achieve complete system compromise through the Port Forwarding Configuration endpoint. The vulnerability exists in the submit-url parameter processing and has public exploit code available. Affected devices are remotely exploitable by authenticated users with no user interaction required.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2856 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware 1.01.07 Filter Configuration endpoint allows authenticated remote attackers to achieve full system compromise through a malicious submit-url parameter. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but executes with no user interaction needed.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2855 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware's DDNS settings handler allows authenticated remote attackers to achieve complete system compromise through a malicious submit-url parameter. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects firmware version 1.01.07 and can be exploited without user interaction.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2854 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 NTP configuration endpoint allows remote authenticated attackers to achieve complete system compromise through manipulation of the submit-url parameter. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw carries a high severity rating with a CVSS score of 8.8 due to potential for remote code execution with minimal attack complexity.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2853 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows authenticated remote attackers to achieve full system compromise through manipulation of the submit-url parameter in the System Log Configuration endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can trigger this flaw to execute arbitrary code with complete control over confidentiality, integrity, and availability.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-26960 HIGH POC PATCH This Week

Path traversal in node-tar versions 7.5.7 and earlier allows local attackers to read and write arbitrary files outside the extraction directory by crafting malicious tar archives containing hardlinks that bypass extraction path validation. Public exploit code exists for this vulnerability, which affects default extraction configurations in Node.js and related Tar implementations. The vulnerability has been patched in node-tar 7.5.8.

D-Link Node.js Tar Redhat Suse
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-25310 MEDIUM This Month

D-Link products versions 2.0.0 and earlier are vulnerable to server-side request forgery (SSRF) that allows authenticated attackers to make arbitrary HTTP requests from the affected system. This MEDIUM severity vulnerability requires valid credentials but enables attackers to bypass network controls and potentially access internal resources or services. No patch is currently available.

D-Link SSRF
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-26158 HIGH PATCH This Week

D-Link products using BusyBox are vulnerable to privilege escalation through malicious tar archives containing unvalidated symlink or hardlink entries that extract files outside the intended directory. An attacker with local access can craft an archive to modify critical system files when extraction occurs with elevated privileges, potentially gaining unauthorized system access. No patch is currently available for this vulnerability.

D-Link Privilege Escalation Redhat Suse
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-2260 HIGH POC This Week

Remote code execution in D-Link DCS-931L camera firmware through OS command injection in the /goform/setSysAdmin endpoint allows authenticated attackers to execute arbitrary commands on affected devices. Public exploit code exists for this vulnerability, and no patch is available since the product is no longer supported by the vendor.

D-Link Command Injection Dcs 931l Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.2%
CVE-2026-2227 MEDIUM POC This Month

D-Link DCS-931L camera firmware versions up to 1.13.0 contain a command injection vulnerability in the /setSystemAdmin endpoint that allows remote attackers with high privileges to execute arbitrary commands by manipulating the AdminID parameter. Public exploit code exists for this vulnerability, though the affected devices are no longer supported by D-Link. An attacker with administrative access could achieve remote code execution on vulnerable cameras.

D-Link Command Injection Dcs 931l Firmware
NVD GitHub VulDB
CVSS 3.1
4.7
EPSS
0.1%
CVE-2026-2218 MEDIUM POC This Month

Command injection in D-Link DCS-933L firmware up to version 1.14.11 allows authenticated remote attackers to execute arbitrary commands through the AdminID parameter in the /setSystemAdmin endpoint. Public exploit code exists for this vulnerability, which affects only end-of-life devices no longer receiving security updates. An attacker with valid credentials can achieve remote code execution with limited system privileges.

D-Link Command Injection Dcs 933l Firmware
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.2%
CVE-2026-2210 HIGH POC This Week

D-Link DIR-823X firmware versions up to 250416 contain an OS command injection vulnerability in the /goform/set_filtering function that allows remote attackers with high privileges to execute arbitrary commands with full system access. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires network access and administrative credentials but carries high confidentiality, integrity, and availability impact.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.2%
CVE-2026-2194 MEDIUM POC This Month

DI-7100G C1 firmware versions up to 24.04.18d1 contain a command injection vulnerability (CVSS 6.3).

D-Link Command Injection Di 7100g C1 Firmware
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-2193 MEDIUM POC This Month

Command injection in D-Link DI-7100G C1 firmware version 24.04.18D1 allows authenticated remote attackers to execute arbitrary commands through manipulation of the usb_username parameter in the set_jhttpd_info function. Public exploit code exists for this vulnerability, and no patch is currently available. The medium-severity flaw requires valid credentials but can be exploited over the network with minimal complexity.

D-Link Command Injection Di 7100g C1 Firmware
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2026-2175 HIGH POC This Week

Unauthenticated attackers can execute arbitrary operating system commands on D-Link DIR-823X routers through the /goform/set_upnp endpoint via the upnp_enable parameter. Public exploit code is available for this vulnerability, and no patch has been released. This allows complete compromise of affected devices with high impact on confidentiality, integrity, and availability.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.4%
CVE-2026-2169 MEDIUM POC This Month

Command injection in D-Link DWR-M921 firmware via the fota_url parameter allows authenticated remote attackers to execute arbitrary commands with network access. The vulnerability affects firmware version 1.1.50 and has public exploit code available. A patch is not currently available.

D-Link Command Injection Dwr M921 Firmware
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2026-2168 MEDIUM POC This Month

D-Link DWR-M921 firmware versions up to 1.1.50 contain a command injection vulnerability in the LTE firmware update function that allows authenticated remote attackers to execute arbitrary commands via a manipulated fota_url parameter. Public exploit code is available for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials could achieve remote code execution on affected devices.

D-Link Command Injection Dwr M921 Firmware
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2026-2163 MEDIUM POC This Month

Command injection in D-Link DIR-600 firmware through the ssdp.cgi file allows remote attackers to execute arbitrary commands by manipulating HTTP parameters (HTTP_ST, REMOTE_ADDR, REMOTE_PORT, SERVER_ID). Public exploit code exists for this vulnerability, though it affects only unsupported product versions. The attack requires high-level privileges but has low complexity and impacts confidentiality, integrity, and availability.

D-Link Command Injection Dir 600 Firmware
NVD GitHub VulDB
CVSS 3.1
4.7
EPSS
0.2%
CVE-2026-2157 HIGH POC This Week

Remote code execution in D-Link DIR-823X routers through OS command injection in the static route configuration endpoint allows unauthenticated remote attackers to execute arbitrary commands with high privileges. The vulnerability affects the /goform/set_static_route_table function and can be exploited by manipulating interface, destination IP, netmask, gateway, or metric parameters. Public exploit code exists for this vulnerability, and no patch is currently available.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.4%
CVE-2026-2155 HIGH POC This Week

Remote code execution in D-Link DIR-823X routers through OS command injection in the DMZ configuration handler allows unauthenticated attackers to execute arbitrary commands on affected devices. The vulnerability exists in the /goform/set_dmz endpoint where the dmz_host and dmz_enable parameters are insufficiently sanitized, and public exploit code is currently available. Organizations using DIR-823X firmware should prioritize patching as no official fix is currently available.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.3%
CVE-2026-2152 HIGH POC This Week

Unauthenticated remote attackers can execute arbitrary OS commands on D-Link DIR-615 4.10 routers through manipulated routing parameters in the web configuration interface, requiring only network access and no user interaction. Public exploit code is available for this vulnerability, and D-Link has not released a patch for the end-of-life device.

D-Link PHP Command Injection Dir 615 Firmware
NVD VulDB
CVSS 3.1
7.2
EPSS
1.9%
CVE-2026-2151 HIGH POC This Week

Remote code execution in D-Link DIR-615 firmware through OS command injection via the dmz_ipaddr parameter in the DMZ Host Feature allows authenticated attackers to execute arbitrary commands with high privileges. Public exploit code exists for this vulnerability, which affects unsupported product versions with no available patch. The attack requires high-level authentication but can be launched over the network without user interaction.

D-Link PHP Command Injection Dir 615 Firmware
NVD VulDB
CVSS 3.1
7.2
EPSS
0.4%
CVE-2026-2143 HIGH POC This Week

Unauthenticated attackers can achieve remote code execution on D-Link DIR-823X routers through OS command injection in the DDNS service component via the /goform/set_ddns endpoint. The vulnerability allows manipulation of DDNS parameters (ddnsType, ddnsDomain, ddnsUserName, ddnsPwd) to execute arbitrary system commands with high privileges. Public exploit code exists and no patch is currently available.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-2142 HIGH POC This Week

Remote code execution in D-Link DIR-823X firmware via command injection in the QoS configuration function allows unauthenticated attackers to execute arbitrary OS commands over the network. The vulnerability affects the /goform/set_qos endpoint and has public exploit code available, increasing the risk of active exploitation. No patch is currently available.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-2129 HIGH POC This Week

Unauthenticated remote attackers can execute arbitrary OS commands on D-Link DIR-823X routers through command injection in the /goform/set_ac_status endpoint via manipulation of ac_ipaddr, ac_ipstatus, or ap_randtime parameters. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-2120 HIGH POC This Week

Remote code execution in D-Link DIR-823X routers through OS command injection in the /goform/set_server_settings endpoint allows unauthenticated attackers to execute arbitrary commands by manipulating terminal_addr, server_ip, or server_port parameters. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at high risk.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.4%
CVE-2026-2085 HIGH POC This Week

Command injection in D-Link DWR-M921 firmware versions up to 1.1.50 allows remote attackers with high privileges to execute arbitrary commands through the USSD Configuration endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An authenticated attacker can leverage the unsanitized ussdValue parameter to compromise the affected device.

D-Link Command Injection Dwr M921 Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.3%
CVE-2026-2084 HIGH POC This Week

D-Link DIR-823X firmware contains a command injection vulnerability in the /goform/set_language endpoint that allows remote attackers with high privileges to execute arbitrary OS commands via manipulation of the langSelection parameter. Public exploit code exists for this vulnerability, and no patch is currently available. Successful exploitation grants complete system compromise with confidentiality, integrity, and availability impact.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.3%
CVE-2026-2082 MEDIUM POC This Month

D-Link DIR-823X routers contain an OS command injection vulnerability in the /goform/set_mac_clone endpoint that allows remote attackers with high privileges to execute arbitrary commands through manipulation of the mac parameter. Public exploit code exists for this vulnerability, which affects confidentiality, integrity, and availability. No patch is currently available.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
CVSS 3.1
4.7
EPSS
0.2%
CVE-2026-2081 MEDIUM POC This Month

D-Link DIR-823X firmware contains an OS command injection vulnerability in the /goform/set_password endpoint that allows remote attackers with high privileges to execute arbitrary commands by manipulating the http_passwd parameter. Public exploit code exists for this vulnerability, and no patch is currently available. An authenticated attacker could leverage this to compromise the affected device with limited confidentiality, integrity, and availability impact.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
CVSS 3.1
4.7
EPSS
0.2%
CVE-2026-2063 MEDIUM POC This Month

D-Link DIR-823X routers are vulnerable to remote command injection through the Web Management Interface's /goform/set_ac_server endpoint, allowing unauthenticated attackers to execute arbitrary OS commands. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. A patch is not currently available, leaving affected devices exposed until remediation.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
CVSS 3.1
4.7
EPSS
0.2%
CVE-2026-2061 MEDIUM POC This Month

D-Link DIR-823X firmware versions up to 250416 contain an OS command injection vulnerability in the IPv6 configuration endpoint that allows authenticated remote attackers to execute arbitrary commands. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires administrative privileges but can be executed over the network with no user interaction required.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
CVSS 3.1
4.7
EPSS
0.1%
CVE-2026-2056 MEDIUM POC This Month

D-Link DIR-605L and DIR-619L routers expose sensitive information through the DHCP Connection Status Handler via unauthenticated network requests, with public exploit code available. Affected devices running firmware versions 2.06B01 and 2.13B01 can leak configuration data to remote attackers without authentication, though impact is limited to information disclosure. No patch is available as these router models are end-of-life and no longer supported by D-Link.

D-Link Information Disclosure Dir 605l Firmware Dir 619l Firmware
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-2055 MEDIUM POC This Month

Information disclosure in D-Link DIR-605L and DIR-619L routers allows unauthenticated remote attackers to access sensitive DHCP client information through an unspecified manipulation of the DHCP Client Information Handler component. Public exploit code exists for this vulnerability, though patches are unavailable since these device models are no longer supported by D-Link.

D-Link Information Disclosure Dir 619l Firmware Dir 605l Firmware
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-2054 MEDIUM POC This Month

D-Link DIR-605L and DIR-619L routers (firmware versions 2.06B01/2.13B01) expose sensitive information through an unauthenticated remote manipulation of the WiFi Setting Handler component. Public exploit code is available for this vulnerability, and affected devices are no longer receiving security updates from D-Link. An attacker can remotely retrieve configuration data without authentication or user interaction.

D-Link Information Disclosure Dir 605l Firmware Dir 619l Firmware
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-1744 LOW POC Monitor

D-Link DSL-6641K firmware versions up to n8.tr069.20131126 are affected by cross-site scripting (XSS) (CVSS 2.4).

D-Link XSS
NVD VulDB
CVSS 3.1
2.4
EPSS
0.0%
CVE-2026-1705 LOW Monitor

A vulnerability was detected in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function ad_virtual_server_vdsl of the component Web Interface. [CVSS 2.4 LOW]

D-Link XSS
NVD VulDB
CVSS 3.1
2.4
EPSS
0.0%
CVE-2026-1685 LOW Monitor

D-Link DIR-823X firmware versions up to 250416 are affected by improper restriction of excessive authentication attempts (CVSS 3.7).

D-Link
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.1%
CVE-2026-1625 MEDIUM This Month

Command injection in D-Link DWR-M961 firmware version 1.1.47 allows authenticated remote attackers to execute arbitrary commands via manipulation of the action_value parameter in the SMS message handling function. The vulnerability requires valid credentials but no user interaction, and public exploit code is available. Affected systems can suffer unauthorized command execution, data theft, and potential device compromise.

D-Link Command Injection Dwr M961 Firmware
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-1624 MEDIUM This Month

Command injection in D-Link DWR-M961 firmware through the /boafrm/formLtefotaUpgradeFibocom endpoint allows authenticated remote attackers to execute arbitrary commands by manipulating the fota_url parameter. Public exploit code exists for this vulnerability, and no patch is currently available.

D-Link Command Injection Dwr M961 Firmware
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-1596 MEDIUM This Month

Command injection in D-Link DWR-M961 firmware (version 1.1.47) allows unauthenticated remote attackers to execute arbitrary commands through the fota_url parameter in the LTE firmware upgrade function. Public exploit code exists for this vulnerability, which requires low privileges but no user interaction to exploit. No patch is currently available for affected devices.

D-Link Command Injection Dwr M961 Firmware
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2026-1544 MEDIUM POC This Month

D-Link DIR-823X routers are vulnerable to remote command injection through the lan_gateway parameter in the /goform/set_mode function, allowing authenticated attackers to execute arbitrary OS commands. Public exploit code is available for this vulnerability, and affected devices are no longer receiving security updates from the vendor. The attack requires network access and valid credentials, and carries a CVSS score of 6.3 (MEDIUM) due to limited impact scope.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2026-1532 LOW POC Monitor

A vulnerability was identified in D-Link DCS-700L 1.03.09. The affected element is the function uploadmusic of the file /setUploadMusic of the component Music File Upload Service. [CVSS 2.4 LOW]

D-Link Path Traversal
NVD VulDB
CVSS 3.1
2.4
EPSS
0.1%
CVE-2026-1506 HIGH POC This Week

Unauthenticated remote attackers can inject arbitrary OS commands through the MAC filter configuration parameter in D-Link DIR-615 firmware version 4.10 and potentially earlier versions. Public exploit code exists for this vulnerability, and affected devices are no longer receiving security updates from D-Link. Successful exploitation grants complete system compromise with high impact to confidentiality, integrity, and availability.

D-Link PHP Command Injection Dir 615 Firmware
NVD VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-1505 HIGH POC This Week

Command injection in D-Link DIR-615 firmware via the /set_temp_nodes.php URL Filter component allows unauthenticated remote attackers to execute arbitrary OS commands. Public exploit code exists for this vulnerability, which affects legacy unsupported devices with a 7.2 CVSS score and no available patch.

D-Link PHP Command Injection Dir 615 Firmware
NVD VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2026-24842 HIGH POC PATCH This Week

node-tar before version 7.5.7 contains a path traversal vulnerability where inconsistent path resolution between validation and execution logic allows attackers to bypass security checks and create hardlinks to arbitrary files outside the intended extraction directory. Public exploit code exists for this vulnerability, affecting Node.js applications that process untrusted TAR archives. An attacker can craft a malicious TAR file to write to sensitive locations on the system.

D-Link Node.js Industrial Path Traversal Tar +2
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-1448 HIGH POC This Week

Remote code execution in D-Link DIR-615 firmware through OS command injection via the ipaddr parameter in the Web Management Interface allows unauthenticated remote attackers to execute arbitrary commands. The vulnerability affects unsupported firmware versions up to 4.10, and public exploit code is available. No patch has been released by the vendor.

D-Link PHP Command Injection Dir 615 Firmware
NVD VulDB
CVSS 3.1
7.2
EPSS
0.5%
CVE-2026-1419 MEDIUM POC This Month

D-Link DCS-700L firmware versions up to 1.03.09 contain a command injection vulnerability (CVSS 4.7).

D-Link Command Injection Dcs 700l Firmware
NVD VulDB
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-70238
EPSS 0% CVSS 7.5
HIGH POC This Week

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard52. [CVSS 7.5 HIGH]

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVE-2026-3741
EPSS 0% CVSS 3.5
LOW POC Monitor

A security vulnerability has been detected in YiFang CMS 2.0.5. The affected element is the function update of the file app/db/admin/D_friendLink.php. [CVSS 3.5 LOW]

D-Link PHP XSS
NVD GitHub VulDB
CVE-2026-29786
EPSS 0% CVSS 6.3
MEDIUM POC PATCH This Month

Path traversal in node-tar versions prior to 7.5.10 allows local attackers to write files outside the intended extraction directory by exploiting drive-relative link targets during archive extraction. An attacker with the ability to create or modify tar archives can overwrite arbitrary files on the system with elevated privileges. Public exploit code exists for this vulnerability affecting Node.js, D-Link, and Tar products.

D-Link Node.js Tar
NVD GitHub
CVE-2025-29165
EPSS 0% CVSS 9.8
CRITICAL Act Now

Privilege escalation in D-Link DIR-1253 MESH V1.6.1684 via etc/shadow.sample.

D-Link Privilege Escalation
NVD GitHub
CVE-2025-70233
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetEnableWizard. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVE-2025-70232
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetMACFilter. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVE-2025-70231
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Path traversal in D-Link DIR-513 verification code processing. PoC available.

D-Link Path Traversal Dir 513 Firmware
NVD GitHub
CVE-2025-70230
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDDNS. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVE-2025-70229
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSchedule. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVE-2025-70222
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin, goform/getAuthCode. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVE-2025-70225
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWWConfig. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVE-2025-70221
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVE-2025-46108
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

D-Link DIR-513 A1FW110 is vulnerable to a buffer overflow in the function formTcpipSetup. [CVSS 9.8 CRITICAL]

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVE-2025-70219
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formDeviceReboot. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVE-2025-70226
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWizard. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVE-2025-70223
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvNetwork. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVE-2025-70220
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAutoDetecWAN_wizard4. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVE-2025-70218
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvFirewall. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVE-2026-3485
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Command injection in D-Link DIR-868L via SSDP service. PoC available.

D-Link Command Injection Dir 868l Firmware
NVD VulDB
CVE-2025-70240
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard51. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVE-2025-70239
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard55. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVE-2025-70234
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetQoS. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVE-2025-70241
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWANType_Wizard5. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVE-2025-70237
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetPortTr. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVE-2025-70236
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDomainFilter. Part of a family of 15+ critical buffer overflows in this router.

D-Link Buffer Overflow Dir 513 Firmware
NVD GitHub
CVE-2025-71057
EPSS 0% CVSS 8.2
HIGH This Week

Improper session management in D-Link Wireless N 300 ADSL2+ Modem Router DSL-124 ME_1.00 allows attackers to execute a session hijacking attack via spoofing the IP address of an authenticated user. [CVSS 8.2 HIGH]

D-Link
NVD GitHub
CVE-2026-2962
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 1.01.07 firmware's scheduled reboot configuration endpoint allows authenticated remote attackers to achieve full system compromise through the submit-url parameter. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw requires valid credentials but has a high attack surface due to network accessibility and the severity of potential impacts including code execution and data exfiltration.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
CVE-2026-2961
EPSS 0% CVSS 8.8
HIGH POC This Week

Remote code execution in D-Link DWR-M960 firmware through a stack buffer overflow in the VPN configuration endpoint allows authenticated attackers to execute arbitrary code by manipulating the submit-url parameter. The vulnerability affects firmware version 1.01.07 and public exploit code exists, though no patch is currently available.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
CVE-2026-2960
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows authenticated remote attackers to execute arbitrary code by manipulating the submit-url parameter in the /boafrm/formDhcpv6s function. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
CVE-2026-2959
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware (version 1.01.07) allows authenticated attackers to achieve remote code execution via a malicious URL parameter in the /boafrm/formNewSchedule function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but no user interaction, posing a significant risk to affected devices.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
CVE-2026-2958
EPSS 0% CVSS 8.8
HIGH POC This Week

Remote code execution in D-Link DWR-M960 firmware 1.01.07 via stack-based buffer overflow in the /boafrm/formWsc endpoint allows authenticated attackers to achieve full system compromise through manipulation of the save_apply parameter. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
CVE-2026-2934
EPSS 0% CVSS 2.4
LOW POC Monitor

A security vulnerability has been detected in YiFang CMS up to 2.0.5. This impacts the function update of the file app/db/admin/D_friendLinkGroup.php of the component Extended Management Module. [CVSS 2.4 LOW]

D-Link PHP XSS
NVD GitHub VulDB
CVE-2026-2929
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows authenticated remote attackers to achieve arbitrary code execution by manipulating the submit-url parameter in the wireless access control endpoint. Public exploit code exists for this vulnerability, and no patch is currently available.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
CVE-2026-2928
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware (version 1.01.07) WLAN encryption configuration endpoint allows authenticated remote attackers to execute arbitrary code with high integrity and confidentiality impact. The vulnerability exists in the submit-url parameter handling within the /boafrm/formWlEncrypt component and has public exploit code available. No patch is currently available for this vulnerability.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
CVE-2026-2927
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to achieve code execution by manipulating the submit-url parameter in the Operation Mode Configuration endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can leverage this flaw to fully compromise affected devices.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
CVE-2026-2926
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to execute arbitrary code by manipulating the submit-url parameter in the LTE Configuration endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can leverage this flaw to achieve complete system compromise including confidentiality, integrity, and availability breaches.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
CVE-2026-2925
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to achieve complete system compromise through manipulation of the submit-url parameter in the Bridge VLAN Configuration endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can execute arbitrary code with full system privileges.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
CVE-2026-2885
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 1.01.07 firmware allows remote authenticated attackers to achieve complete system compromise through crafted input to the IPv6 setup function. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can execute arbitrary code with full system privileges.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
CVE-2026-2884
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to achieve arbitrary code execution through a malformed submit-url parameter in the WAN interface configuration handler. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can leverage this to gain complete system compromise.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
CVE-2026-2883
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows remote attackers with low privileges to achieve complete system compromise through manipulation of the submit-url parameter in the /boafrm/formIpQoS function. Public exploit code exists for this vulnerability and no patch is currently available, creating immediate risk for affected deployments.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
CVE-2026-2882
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to achieve arbitrary code execution by manipulating the submit-url parameter in the /boafrm/formDosCfg function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires low complexity with no user interaction, affecting device confidentiality, integrity, and availability.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
CVE-2026-2881
EPSS 0% CVSS 8.8
HIGH POC This Week

Remote code execution in D-Link DWR-M960 firmware through stack-based buffer overflow in the Advanced Firewall Configuration endpoint allows authenticated attackers to achieve complete system compromise. The vulnerability exists in the /boafrm/formFirewallAdv component where improper input validation on the submit-url parameter enables stack overflow attacks. Public exploit code is available and no patch has been released.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
CVE-2026-2857
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows authenticated remote attackers to achieve complete system compromise through the Port Forwarding Configuration endpoint. The vulnerability exists in the submit-url parameter processing and has public exploit code available. Affected devices are remotely exploitable by authenticated users with no user interaction required.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
CVE-2026-2856
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware 1.01.07 Filter Configuration endpoint allows authenticated remote attackers to achieve full system compromise through a malicious submit-url parameter. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but executes with no user interaction needed.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
CVE-2026-2855
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware's DDNS settings handler allows authenticated remote attackers to achieve complete system compromise through a malicious submit-url parameter. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects firmware version 1.01.07 and can be exploited without user interaction.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
CVE-2026-2854
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 NTP configuration endpoint allows remote authenticated attackers to achieve complete system compromise through manipulation of the submit-url parameter. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw carries a high severity rating with CVSS score of 8.8 due to potential for remote code execution with minimal attack complexity.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
CVE-2026-2853
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows authenticated remote attackers to achieve full system compromise through manipulation of the submit-url parameter in the System Log Configuration endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can trigger this flaw to execute arbitrary code with complete control over confidentiality, integrity, and availability.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
CVE-2026-26960
EPSS 0% CVSS 7.1
HIGH POC PATCH This Week

Path traversal in node-tar versions 7.5.7 and earlier allows local attackers to read and write arbitrary files outside the extraction directory by crafting malicious tar archives containing hardlinks that bypass extraction path validation. Public exploit code exists for this vulnerability, which affects default extraction configurations in Node.js and related Tar implementations. The vulnerability has been patched in node-tar 7.5.8.

D-Link Node.js Tar +2
NVD GitHub
CVE-2026-25310
EPSS 0% CVSS 4.9
MEDIUM This Month

D-Link products versions 2.0.0 and earlier are vulnerable to server-side request forgery (SSRF) that allows authenticated attackers to make arbitrary HTTP requests from the affected system. This MEDIUM severity vulnerability requires valid credentials but enables attackers to bypass network controls and potentially access internal resources or services. No patch is currently available.

D-Link SSRF
NVD
CVE-2026-26158
EPSS 0% CVSS 7.0
HIGH PATCH This Week

D-Link products using BusyBox are vulnerable to privilege escalation through malicious tar archives containing unvalidated symlink or hardlink entries that extract files outside the intended directory. An attacker with local access can craft a specially crafted archive to modify critical system files when extraction occurs with elevated privileges, potentially gaining unauthorized system access. No patch is currently available for this vulnerability.

D-Link Privilege Escalation Redhat +1
NVD
CVE-2026-2260
EPSS 0% CVSS 7.2
HIGH POC This Week

Remote code execution in D-Link DCS-931L camera firmware through OS command injection in the /goform/setSysAdmin endpoint allows authenticated attackers to execute arbitrary commands on affected devices. Public exploit code exists for this vulnerability, and no patch is available since the product is no longer supported by the vendor.

D-Link Command Injection Dcs 931l Firmware
NVD GitHub VulDB
CVE-2026-2227
EPSS 0% CVSS 4.7
MEDIUM POC This Month

D-Link DCS-931L camera firmware versions up to 1.13.0 contain a command injection vulnerability in the /setSystemAdmin endpoint that allows remote attackers with high privileges to execute arbitrary commands by manipulating the AdminID parameter. Public exploit code exists for this vulnerability, though the affected devices are no longer supported by D-Link. An attacker with administrative access could achieve remote code execution on vulnerable cameras.

D-Link Command Injection Dcs 931l Firmware
NVD GitHub VulDB
CVE-2026-2218
EPSS 0% CVSS 6.3
MEDIUM POC This Month

Command injection in D-Link DCS-933L firmware up to version 1.14.11 allows authenticated remote attackers to execute arbitrary commands through the AdminID parameter in the /setSystemAdmin endpoint. Public exploit code exists for this vulnerability, which affects only end-of-life devices no longer receiving security updates. An attacker with valid credentials can achieve remote code execution with limited system privileges.

D-Link Command Injection Dcs 933l Firmware
NVD GitHub VulDB
CVE-2026-2210
EPSS 0% CVSS 7.2
HIGH POC This Week

D-Link DIR-823X firmware versions up to 250416 contain an OS command injection vulnerability in the /goform/set_filtering function that allows remote attackers with high privileges to execute arbitrary commands with full system access. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires network access and administrative credentials but carries high confidentiality, integrity, and availability impact.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
CVE-2026-2194
EPSS 0% CVSS 6.3
MEDIUM POC This Month

D-Link DI-7100G C1 firmware versions up to 24.04.18d1 contain a command injection vulnerability (CVSS 6.3).

D-Link Command Injection Di 7100g C1 Firmware
NVD GitHub VulDB
CVE-2026-2193
EPSS 0% CVSS 6.3
MEDIUM POC This Month

Command injection in D-Link DI-7100G C1 firmware version 24.04.18D1 allows authenticated remote attackers to execute arbitrary commands through manipulation of the usb_username parameter in the set_jhttpd_info function. Public exploit code exists for this vulnerability, and no patch is currently available. The medium-severity flaw requires valid credentials but can be exploited over the network with minimal complexity.

D-Link Command Injection Di 7100g C1 Firmware
NVD GitHub VulDB
CVE-2026-2175
EPSS 0% CVSS 7.2
HIGH POC This Week

Unauthenticated attackers can execute arbitrary operating system commands on D-Link DIR-823X routers through the /goform/set_upnp endpoint via the upnp_enable parameter. Public exploit code is available for this vulnerability, and no patch has been released. This allows complete compromise of affected devices with high impact on confidentiality, integrity, and availability.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
CVE-2026-2169
EPSS 0% CVSS 6.3
MEDIUM POC This Month

Command injection in D-Link DWR-M921 firmware via the fota_url parameter allows authenticated remote attackers to execute arbitrary commands with network access. The vulnerability affects firmware version 1.1.50 and has public exploit code available. A patch is not currently available.

D-Link Command Injection Dwr M921 Firmware
NVD GitHub VulDB
CVE-2026-2168
EPSS 0% CVSS 6.3
MEDIUM POC This Month

D-Link DWR-M921 firmware versions up to 1.1.50 contain a command injection vulnerability in the LTE firmware update function that allows authenticated remote attackers to execute arbitrary commands via a manipulated fota_url parameter. Public exploit code is available for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials could achieve remote code execution on affected devices.

D-Link Command Injection Dwr M921 Firmware
NVD GitHub VulDB
CVE-2026-2163
EPSS 0% CVSS 4.7
MEDIUM POC This Month

Command injection in D-Link DIR-600 firmware through the ssdp.cgi file allows remote attackers to execute arbitrary commands by manipulating HTTP parameters (HTTP_ST, REMOTE_ADDR, REMOTE_PORT, SERVER_ID). Public exploit code exists for this vulnerability, though it affects only unsupported product versions. The attack requires high-level privileges but has low complexity and impacts confidentiality, integrity, and availability.

D-Link Command Injection Dir 600 Firmware
NVD GitHub VulDB
CVE-2026-2157
EPSS 0% CVSS 7.2
HIGH POC This Week

Remote code execution in D-Link DIR-823X routers through OS command injection in the static route configuration endpoint allows unauthenticated remote attackers to execute arbitrary commands with high privileges. The vulnerability affects the /goform/set_static_route_table function and can be exploited by manipulating interface, destination IP, netmask, gateway, or metric parameters. Public exploit code exists for this vulnerability, and no patch is currently available.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
CVE-2026-2155
EPSS 0% CVSS 7.2
HIGH POC This Week

Remote code execution in D-Link DIR-823X routers through OS command injection in the DMZ configuration handler allows unauthenticated attackers to execute arbitrary commands on affected devices. The vulnerability exists in the /goform/set_dmz endpoint where the dmz_host and dmz_enable parameters are insufficiently sanitized, and public exploit code is currently available. Organizations using DIR-823X firmware should prioritize mitigation, as no official fix is currently available.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
CVE-2026-2152
EPSS 2% CVSS 7.2
HIGH POC This Week

Unauthenticated remote attackers can execute arbitrary OS commands on D-Link DIR-615 4.10 routers through manipulated routing parameters in the web configuration interface, requiring only network access and no user interaction. Public exploit code is available for this vulnerability, and D-Link has not released a patch for the end-of-life device.

D-Link PHP Command Injection +1
NVD VulDB
CVE-2026-2151
EPSS 0% CVSS 7.2
HIGH POC This Week

Remote code execution in D-Link DIR-615 firmware through OS command injection via the dmz_ipaddr parameter in the DMZ Host Feature allows authenticated attackers to execute arbitrary commands with high privileges. Public exploit code exists for this vulnerability, which affects unsupported product versions with no available patch. The attack requires high-level authentication but can be launched over the network without user interaction.

D-Link PHP Command Injection +1
NVD VulDB
CVE-2026-2143
EPSS 0% CVSS 7.2
HIGH POC This Week

Unauthenticated attackers can achieve remote code execution on D-Link DIR-823X routers through OS command injection in the DDNS service component via the /goform/set_ddns endpoint. The vulnerability allows manipulation of DDNS parameters (ddnsType, ddnsDomain, ddnsUserName, ddnsPwd) to execute arbitrary system commands with high privileges. Public exploit code exists and no patch is currently available.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
CVE-2026-2142
EPSS 0% CVSS 7.2
HIGH POC This Week

Remote code execution in D-Link DIR-823X firmware via command injection in the QoS configuration function allows unauthenticated attackers to execute arbitrary OS commands over the network. The vulnerability affects the /goform/set_qos endpoint and has public exploit code available, increasing the risk of active exploitation. No patch is currently available.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
CVE-2026-2129
EPSS 0% CVSS 7.2
HIGH POC This Week

Unauthenticated remote attackers can execute arbitrary OS commands on D-Link DIR-823X routers through command injection in the /goform/set_ac_status endpoint via manipulation of ac_ipaddr, ac_ipstatus, or ap_randtime parameters. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
CVE-2026-2120
EPSS 0% CVSS 7.2
HIGH POC This Week

Remote code execution in D-Link DIR-823X routers through OS command injection in the /goform/set_server_settings endpoint allows unauthenticated attackers to execute arbitrary commands by manipulating terminal_addr, server_ip, or server_port parameters. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at high risk.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
CVE-2026-2085
EPSS 0% CVSS 7.2
HIGH POC This Week

Command injection in D-Link DWR-M921 firmware versions up to 1.1.50 allows remote attackers with high privileges to execute arbitrary commands through the USSD Configuration endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An authenticated attacker can leverage the unsanitized ussdValue parameter to compromise the affected device.

D-Link Command Injection Dwr M921 Firmware
NVD GitHub VulDB
CVE-2026-2084
EPSS 0% CVSS 7.2
HIGH POC This Week

D-Link DIR-823X firmware contains a command injection vulnerability in the /goform/set_language endpoint that allows remote attackers with high privileges to execute arbitrary OS commands via manipulation of the langSelection parameter. Public exploit code exists for this vulnerability, and no patch is currently available. Successful exploitation grants complete system compromise with confidentiality, integrity, and availability impact.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
CVE-2026-2082
EPSS 0% CVSS 4.7
MEDIUM POC This Month

D-Link DIR-823X routers contain an OS command injection vulnerability in the /goform/set_mac_clone endpoint that allows remote attackers with high privileges to execute arbitrary commands through manipulation of the mac parameter. Public exploit code exists for this vulnerability, which affects confidentiality, integrity, and availability. No patch is currently available.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
CVE-2026-2081
EPSS 0% CVSS 4.7
MEDIUM POC This Month

D-Link DIR-823X firmware contains an OS command injection vulnerability in the /goform/set_password endpoint that allows remote attackers with high privileges to execute arbitrary commands by manipulating the http_passwd parameter. Public exploit code exists for this vulnerability, and no patch is currently available. An authenticated attacker could leverage this to compromise the affected device with limited confidentiality, integrity, and availability impact.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
CVE-2026-2063
EPSS 0% CVSS 4.7
MEDIUM POC This Month

D-Link DIR-823X routers are vulnerable to remote command injection through the Web Management Interface's /goform/set_ac_server endpoint, allowing unauthenticated attackers to execute arbitrary OS commands. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. A patch is not currently available, leaving affected devices exposed until remediation.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
CVE-2026-2061
EPSS 0% CVSS 4.7
MEDIUM POC This Month

D-Link DIR-823X firmware versions up to 250416 contain an OS command injection vulnerability in the IPv6 configuration endpoint that allows authenticated remote attackers to execute arbitrary commands. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires administrative privileges but can be executed over the network with no user interaction required.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
CVE-2026-2056
EPSS 0% CVSS 5.3
MEDIUM POC This Month

D-Link DIR-605L and DIR-619L routers expose sensitive information through the DHCP Connection Status Handler via unauthenticated network requests, with public exploit code available. Affected devices running firmware versions 2.06B01 and 2.13B01 can leak configuration data to remote attackers without authentication, though impact is limited to information disclosure. No patch is available as these router models are end-of-life and no longer supported by D-Link.

D-Link Information Disclosure Dir 605l Firmware +1
NVD GitHub VulDB
CVE-2026-2055
EPSS 0% CVSS 5.3
MEDIUM POC This Month

Information disclosure in D-Link DIR-605L and DIR-619L routers allows unauthenticated remote attackers to access sensitive DHCP client information through an unspecified manipulation of the DHCP Client Information Handler component. Public exploit code exists for this vulnerability, though patches are unavailable since these device models are no longer supported by D-Link.

D-Link Information Disclosure Dir 619l Firmware +1
NVD GitHub VulDB
CVE-2026-2054
EPSS 0% CVSS 5.3
MEDIUM POC This Month

D-Link DIR-605L and DIR-619L routers (firmware versions 2.06B01/2.13B01) expose sensitive information through an unauthenticated remote manipulation of the WiFi Setting Handler component. Public exploit code is available for this vulnerability, and affected devices are no longer receiving security updates from D-Link. An attacker can remotely retrieve configuration data without authentication or user interaction.

D-Link Information Disclosure Dir 605l Firmware +1
NVD GitHub VulDB
CVE-2026-1744
EPSS 0% CVSS 2.4
LOW POC Monitor

DSL-6641K firmware versions up to N8.TR069.20131126 are affected by cross-site scripting (XSS) (CVSS 2.4).

D-Link XSS
NVD VulDB
CVE-2026-1705
EPSS 0% CVSS 2.4
LOW Monitor

A vulnerability was detected in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function ad_virtual_server_vdsl of the component Web Interface. [CVSS 2.4 LOW]

D-Link XSS
NVD VulDB
CVE-2026-1685
EPSS 0% CVSS 3.7
LOW Monitor

DIR-823X firmware versions up to 250416 are affected by improper restriction of excessive authentication attempts (CVSS 3.7).

D-Link
NVD GitHub VulDB
CVE-2026-1625
EPSS 0% CVSS 6.3
MEDIUM This Month

Command injection in D-Link DWR-M961 firmware version 1.1.47 allows authenticated remote attackers to execute arbitrary commands via manipulation of the action_value parameter in the SMS message handling function. The vulnerability requires valid credentials but no user interaction, and public exploit code is available. Affected systems can suffer unauthorized command execution, data theft, and potential device compromise.

D-Link Command Injection Dwr M961 Firmware
NVD GitHub VulDB
CVE-2026-1624
EPSS 0% CVSS 6.3
MEDIUM This Month

Command injection in D-Link DWR-M961 firmware through the /boafrm/formLtefotaUpgradeFibocom endpoint allows authenticated remote attackers to execute arbitrary commands by manipulating the fota_url parameter. Public exploit code exists for this vulnerability, and no patch is currently available.

D-Link Command Injection Dwr M961 Firmware
NVD GitHub VulDB
CVE-2026-1596
EPSS 0% CVSS 6.3
MEDIUM This Month

Command injection in D-Link DWR-M961 firmware (version 1.1.47) allows unauthenticated remote attackers to execute arbitrary commands through the fota_url parameter in the LTE firmware upgrade function. Public exploit code exists for this vulnerability, which requires low privileges but no user interaction to exploit. No patch is currently available for affected devices.

D-Link Command Injection Dwr M961 Firmware
NVD GitHub VulDB
CVE-2026-1544
EPSS 0% CVSS 6.3
MEDIUM POC This Month

D-Link DIR-823X routers are vulnerable to remote command injection through the lan_gateway parameter in the /goform/set_mode function, allowing authenticated attackers to execute arbitrary OS commands. Public exploit code is available for this vulnerability, and affected devices are no longer receiving security updates from the vendor. The attack requires network access and valid credentials but carries a medium-severity CVSS score of 6.3 due to limited impact scope.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
CVE-2026-1532
EPSS 0% CVSS 2.4
LOW POC Monitor

A vulnerability was identified in D-Link DCS-700L 1.03.09. The affected element is the function uploadmusic of the file /setUploadMusic of the component Music File Upload Service. [CVSS 2.4 LOW]

D-Link Path Traversal
NVD VulDB
CVE-2026-1506
EPSS 0% CVSS 7.2
HIGH POC This Week

Unauthenticated remote attackers can inject arbitrary OS commands through the MAC filter configuration parameter in D-Link DIR-615 firmware version 4.10 and potentially earlier versions. Public exploit code exists for this vulnerability, and affected devices are no longer receiving security updates from D-Link. Successful exploitation grants complete system compromise with high impact to confidentiality, integrity, and availability.

D-Link PHP Command Injection +1
NVD VulDB
CVE-2026-1505
EPSS 1% CVSS 7.2
HIGH POC This Week

Command injection in D-Link DIR-615 firmware via the /set_temp_nodes.php URL Filter component allows unauthenticated remote attackers to execute arbitrary OS commands. Public exploit code exists for this vulnerability, which affects legacy unsupported devices with a 7.2 CVSS score and no available patch.

D-Link PHP Command Injection +1
NVD VulDB
CVE-2026-24842
EPSS 0% CVSS 8.2
HIGH POC PATCH This Week

node-tar before version 7.5.7 contains a path traversal vulnerability where inconsistent path resolution between validation and execution logic allows attackers to bypass security checks and create hardlinks to arbitrary files outside the intended extraction directory. Public exploit code exists for this vulnerability, affecting Node.js applications that process untrusted TAR archives. An attacker can craft a malicious TAR file to write to sensitive locations on the system.

D-Link Node.js Industrial +4
NVD GitHub VulDB
CVE-2026-1448
EPSS 0% CVSS 7.2
HIGH POC This Week

Remote code execution in D-Link DIR-615 firmware through OS command injection via the ipaddr parameter in the Web Management Interface allows unauthenticated remote attackers to execute arbitrary commands. The vulnerability affects unsupported firmware versions up to 4.10, and public exploit code is available. No patch has been released by the vendor.

D-Link PHP Command Injection +1
NVD VulDB
CVE-2026-1419
EPSS 0% CVSS 4.7
MEDIUM POC This Month

DCS-700L firmware versions up to 1.03.09 contain a command injection vulnerability (CVSS 4.7).

D-Link Command Injection Dcs 700l Firmware
NVD VulDB