D-Link: Security Vulnerabilities, CVEs, Published In 2017 (Code Execution)
The DHCP client on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allows unauthenticated remote code execution as root because /etc/services/INET/inet_ipv4.php mishandles shell metacharacters, affecting generated files such as WAN-1-udhcpc.sh.
Max CVSS: 10.0
EPSS Score: 1.50%
Published: 2017-09-13
Updated: 2023-11-17
CVE-2015-1187
Known exploited
Public exploit
The ping tool in multiple D-Link and TRENDnet devices allows remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp.
Max CVSS: 10.0
EPSS Score: 93.83%
Published: 2017-09-21
Updated: 2023-11-08
CISA KEV Added: 2022-03-25
Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build 03, and DNS-327L before 1.04b01 allows remote attackers to execute arbitrary code by crafting malformed "Host" and "Referer" header values.
Max CVSS: 9.8
EPSS Score: 42.92%
Published: 2017-08-25
Updated: 2023-04-26
3 vulnerabilities found