Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:dlink:dir-823g_firmware:1.02b03:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-44808 |
A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /HNAP1 requests. Before the HNAP API function can process the request, the system function executes an untrusted command that triggers the vulnerability. Published: November 22, 2022; 10:15:13 AM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2019-13128 |
An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the IPAddress or Gateway field to SetStaticRouteSettings. Published: July 01, 2019; 11:15:11 AM -0400 |
V3.0: 8.8 HIGH V2.0: 9.0 HIGH |
CVE-2019-8392 |
An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to enable Guest Wi-Fi via the SetWLanRadioSettings HNAP API to the web service provided by /bin/goahead. Published: February 16, 2019; 11:29:00 PM -0500 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-7390 |
An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to hijack the DNS service configuration of all clients in the WLAN, without authentication, via the SetWanSettings HNAP API. Published: February 04, 2019; 7:29:00 PM -0500 |
V3.0: 8.6 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-7389 |
An issue was discovered in /bin/goahead on D-Link DIR-823G devices with the firmware 1.02B03. There is incorrect access control allowing remote attackers to reset the router without authentication via the SetFactoryDefault HNAP API. Consequently, an attacker can achieve a denial-of-service attack without authentication. Published: February 04, 2019; 7:29:00 PM -0500 |
V3.0: 7.5 HIGH V2.0: 7.8 HIGH |
CVE-2019-7388 |
An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to get sensitive information (such as MAC address) about all clients in the WLAN via the GetClientInfo HNAP API. Consequently, an attacker can achieve information disclosure without authentication. Published: February 04, 2019; 7:29:00 PM -0500 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-7298 |
An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body, such as a body of ' /bin/telnetd' for the GetDeviceSettingsset API function. Consequently, an attacker can execute any command remotely when they control this input. Published: February 01, 2019; 1:29:00 AM -0500 |
V3.0: 8.1 HIGH V2.0: 9.3 HIGH |