Dir 823g Firmware

dir-823g_firmware

Vendor: D Link • 5 CVEs

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-7297 1D Link 1Dir 823g Firmware Nov 21, 2024 Jan 31, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via shell metacharacters in a crafted /HNAP1 request....Show more An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via shell metacharacters in a crafted /HNAP1 request. This occurs when the GetNetworkTomographyResult function calls the system function with an untrusted input parameter named Address. Consequently, an attacker can execute any command remotely when they control this input.Show less
CVE-2018-17881 1D Link 1Dir 823g Firmware Nov 21, 2024 Oct 3, 2018 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 SetPasswdSettings commands without authentication to trigger an admin password change.
CVE-2018-17880 1D Link 1Dir 823g Firmware Nov 21, 2024 Oct 3, 2018 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 RunReboot commands without authentication to trigger a reboot.
CVE-2018-17787 1D Link 1Dir 823g Firmware Nov 21, 2024 Oct 2, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 On D-Link DIR-823G devices, the GoAhead configuration allows /HNAP1 Command Injection via shell metacharacters in the POST data, because this data is sent directly to the "system" library function.
CVE-2018-17786 1D Link 1Dir 823g Firmware Nov 21, 2024 Oct 2, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 On D-Link DIR-823G devices, ExportSettings.sh, upload_settings.cgi, GetDownLoadSyslog.sh, and upload_firmware.cgi do not require authentication, which allows remote attackers to execute arbitrary code.