D-link : Security Vulnerabilities, CVEs, Published In 2017 (Code Execution)

CVE-2017-14429

The DHCP client on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allows unauthenticated remote code execution as root because /etc/services/INET/inet_ipv4.php mishandles shell metacharacters, affecting generated files such as WAN-1-udhcpc.sh.
Max CVSS
10.0
EPSS Score
1.50%
Published
2017-09-13
Updated
2023-11-17

CVE-2015-1187

Known exploited
Public exploit
The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp.
Max CVSS
10.0
EPSS Score
93.83%
Published
2017-09-21
Updated
2023-11-08
CISA KEV Added
2022-03-25

CVE-2014-7859

Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build 03, and DNS-327L before 1.04b01 allows remote attackers to execute arbitrary code by crafting malformed "Host" and "Referer" header values.
Max CVSS
9.8
EPSS Score
42.92%
Published
2017-08-25
Updated
2023-04-26
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close