Search criteria
33 vulnerabilities found for di-7400g\+_firmware by dlink
FKIE_CVE-2025-9769
Vulnerability from fkie_nvd - Published: 2025-09-01 08:15 - Updated: 2025-09-04 16:43
Severity ?
4.1 (Medium) - CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.2 (Medium) - CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.2 (Medium) - CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A security flaw has been discovered in D-Link DI-7400G+ 19.12.25A1. Affected is the function sub_478D28 of the file /mng_platform.asp. The manipulation of the argument addr with the input `echo 12345 > poc.txt` results in command injection. An attack on the physical device is feasible. The exploit has been released to the public and may be exploited.
References
| URL | Tags | ||
|---|---|---|---|
| cna@vuldb.com | https://github.com/xyh4ck/iot_poc | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://github.com/xyh4ck/iot_poc#vulnerability-verification-process | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.322069 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.322069 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.640779 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.dlink.com/ | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/xyh4ck/iot_poc | Exploit, Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/xyh4ck/iot_poc#vulnerability-verification-process | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | di-7400g\+_firmware | 19.12.25a1 | |
| dlink | di-7400g\+ | v2.a1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7400g\\+_firmware:19.12.25a1:*:*:*:*:*:*:*",
"matchCriteriaId": "79DC3EDC-5CAC-4B65-8AF2-50CFC3AEF146",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7400g\\+:v2.a1:*:*:*:*:*:*:*",
"matchCriteriaId": "9A0476C3-67B7-4028-B65A-A695C70D48AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in D-Link DI-7400G+ 19.12.25A1. Affected is the function sub_478D28 of the file /mng_platform.asp. The manipulation of the argument addr with the input `echo 12345 \u003e poc.txt` results in command injection. An attack on the physical device is feasible. The exploit has been released to the public and may be exploited."
}
],
"id": "CVE-2025-9769",
"lastModified": "2025-09-04T16:43:56.927",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.3,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "PHYSICAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-09-01T08:15:33.070",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/xyh4ck/iot_poc"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/xyh4ck/iot_poc#vulnerability-verification-process"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.322069"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.322069"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.640779"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.dlink.com/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/xyh4ck/iot_poc"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/xyh4ck/iot_poc#vulnerability-verification-process"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-57105
Vulnerability from fkie_nvd - Published: 2025-08-22 17:15 - Updated: 2025-10-02 13:07
Severity ?
Summary
The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary commands on the device. The sub_478D28 function in in mng_platform.asp, and sub_4A12DC function in wayos_ac_server.asp of the jhttpd program, with the parameter ac_mng_srv_host.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://di-7400.com | Broken Link | |
| cve@mitre.org | https://github.com/xyh4ck/iot_poc | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DI-7400G%2B | Product | |
| cve@mitre.org | https://www.dlink.com/en/security-bulletin/ | Not Applicable | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/xyh4ck/iot_poc | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | di-7400g\+_firmware | 19.12.25a1 | |
| dlink | di-7400g\+ | a1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7400g\\+_firmware:19.12.25a1:*:*:*:*:*:*:*",
"matchCriteriaId": "79DC3EDC-5CAC-4B65-8AF2-50CFC3AEF146",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7400g\\+:a1:*:*:*:*:*:*:*",
"matchCriteriaId": "8AC8863C-DDFF-40BA-AB5A-6BC574FB9089",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary commands on the device. The sub_478D28 function in in mng_platform.asp, and sub_4A12DC function in wayos_ac_server.asp of the jhttpd program, with the parameter ac_mng_srv_host."
},
{
"lang": "es",
"value": "El enrutador DI-7400G+ presenta una vulnerabilidad de inyecci\u00f3n de comandos que permite a los atacantes ejecutar comandos arbitrarios en el dispositivo. La funci\u00f3n sub_478D28 se encuentra en mng_platform.asp y la funci\u00f3n sub_4A12DC en wayos_ac_server.asp del programa jhttpd, con el par\u00e1metro ac_mng_srv_host."
}
],
"id": "CVE-2025-57105",
"lastModified": "2025-10-02T13:07:11.973",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-08-22T17:15:35.843",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://di-7400.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/xyh4ck/iot_poc"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DI-7400G%2B"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/xyh4ck/iot_poc"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-45579
Vulnerability from fkie_nvd - Published: 2023-10-16 07:15 - Updated: 2024-11-21 08:26
Severity ?
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the ip/type parameter of the jingx.asp function.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug8.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug8.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | di-7003g_firmware | * | |
| dlink | di-7003g | v2.d1 | |
| dlink | di-7100g\+_firmware | * | |
| dlink | di-7100g\+ | v2.d1 | |
| dlink | di-7100g_firmware | * | |
| dlink | di-7100g | v2.d1 | |
| dlink | di-7200g\+_firmware | * | |
| dlink | di-7200g\+ | v2.d1 | |
| dlink | di-7200g_firmware | * | |
| dlink | di-7200g | v2.e1 | |
| dlink | di-7300g\+_firmware | * | |
| dlink | di-7300g\+ | v2.d1 | |
| dlink | di-7400g\+_firmware | * | |
| dlink | di-7400g\+ | v2.d1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7003g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF075223-7784-4FB7-928A-CE097AD98324",
"versionEndIncluding": "23.08.25d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7003g:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "31604D70-5B52-47AC-93A2-71166176253E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7100g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF92551F-76EE-48D4-AB93-40F427847907",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7100g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "F87354E1-7EFE-4935-ADDD-4614469C9E90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7100g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "713594B3-8B47-4756-9B7A-EC4F4CD2BD58",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7100g:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE715DF0-1341-4E7B-95BF-B1031BCFA185",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7200g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBE0C94D-A68E-4CAF-B6E1-124EAC124BF5",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7200g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "29E72D4B-FAA5-4C3E-942B-DB7C5CC55691",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7200g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B6055DC-C51D-4C52-B34D-0AEC6601CB99",
"versionEndIncluding": "23.08.23e1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7200g:v2.e1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDF945B6-549E-4F6A-9432-8D6B2A7E350C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7300g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4E73CD-4883-4C19-9345-22281342B600",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7300g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "916E75E5-010A-4A8F-B3AD-21FCC76C890A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7400g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46460C55-22D0-4D9C-B4D7-3F108F636469",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7400g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "1495874C-DEF5-4200-B272-C7779EB3E265",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the ip/type parameter of the jingx.asp function."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en el dispositivo D-Link DI-7003GV2.D1 v.23.08.25D1 y anteriores, DI-7100G+V2.D1 v.23.08.23D1 y anteriores, DI-7100GV2.D1 v.23.08.23D1, DI-7200G +V2.D1 v.23.08.23D1 y anteriores, DI-7200GV2.E1 v.23.08.23E1 y anteriores, DI-7300G+V2.D1 v.23.08.23D1 y DI-7400G+V2.D1 v.23.08. 23D1 y anteriores permiten a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro ip/type de la funci\u00f3n jingx.asp."
}
],
"id": "CVE-2023-45579",
"lastModified": "2024-11-21T08:26:59.830",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-16T07:15:09.027",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug8.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug8.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-45580
Vulnerability from fkie_nvd - Published: 2023-10-16 07:15 - Updated: 2024-11-21 08:26
Severity ?
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wild/mx and other parameters of the ddns.asp function
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug6.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug6.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | di-7003g_firmware | * | |
| dlink | di-7003g | v2.d1 | |
| dlink | di-7100g\+_firmware | * | |
| dlink | di-7100g\+ | v2.d1 | |
| dlink | di-7100g_firmware | * | |
| dlink | di-7100g | v2.d1 | |
| dlink | di-7200g\+_firmware | * | |
| dlink | di-7200g\+ | v2.d1 | |
| dlink | di-7200g_firmware | * | |
| dlink | di-7200g | v2.e1 | |
| dlink | di-7300g\+_firmware | * | |
| dlink | di-7300g\+ | v2.d1 | |
| dlink | di-7400g\+_firmware | * | |
| dlink | di-7400g\+ | v2.d1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7003g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF075223-7784-4FB7-928A-CE097AD98324",
"versionEndIncluding": "23.08.25d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7003g:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "31604D70-5B52-47AC-93A2-71166176253E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7100g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF92551F-76EE-48D4-AB93-40F427847907",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7100g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "F87354E1-7EFE-4935-ADDD-4614469C9E90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7100g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "713594B3-8B47-4756-9B7A-EC4F4CD2BD58",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7100g:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE715DF0-1341-4E7B-95BF-B1031BCFA185",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7200g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBE0C94D-A68E-4CAF-B6E1-124EAC124BF5",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7200g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "29E72D4B-FAA5-4C3E-942B-DB7C5CC55691",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7200g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B6055DC-C51D-4C52-B34D-0AEC6601CB99",
"versionEndIncluding": "23.08.23e1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7200g:v2.e1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDF945B6-549E-4F6A-9432-8D6B2A7E350C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7300g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4E73CD-4883-4C19-9345-22281342B600",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7300g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "916E75E5-010A-4A8F-B3AD-21FCC76C890A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7400g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46460C55-22D0-4D9C-B4D7-3F108F636469",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7400g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "1495874C-DEF5-4200-B272-C7779EB3E265",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wild/mx and other parameters of the ddns.asp function"
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en el dispositivo D-Link DI-7003GV2.D1 v.23.08.25D1 y anteriores, DI-7100G+V2.D1 v.23.08.23D1 y anteriores, DI-7100GV2.D1 v.23.08.23D1, DI-7200G +V2.D1 v.23.08.23D1 y anteriores, DI-7200GV2.E1 v.23.08.23E1 y anteriores, DI-7300G+V2.D1 v.23.08.23D1 y DI-7400G+V2.D1 v.23.08. 23D1 y anteriores permiten a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de wild/mx y otros par\u00e1metros de la funci\u00f3n ddns.asp."
}
],
"id": "CVE-2023-45580",
"lastModified": "2024-11-21T08:26:59.993",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-16T07:15:09.107",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug6.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug6.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-45577
Vulnerability from fkie_nvd - Published: 2023-10-16 07:15 - Updated: 2024-11-21 08:26
Severity ?
Summary
Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wanid parameter of the H5/speedlimit.data function.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug9.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug9.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | di-7003g_firmware | * | |
| dlink | di-7003g | v2.d1 | |
| dlink | di-7100g\+_firmware | * | |
| dlink | di-7100g\+ | v2.d1 | |
| dlink | di-7100g_firmware | * | |
| dlink | di-7100g | v2.d1 | |
| dlink | di-7200g\+_firmware | * | |
| dlink | di-7200g\+ | v2.d1 | |
| dlink | di-7200g_firmware | * | |
| dlink | di-7200g | v2.e1 | |
| dlink | di-7300g\+_firmware | * | |
| dlink | di-7300g\+ | v2.d1 | |
| dlink | di-7400g\+_firmware | * | |
| dlink | di-7400g\+ | v2.d1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7003g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF075223-7784-4FB7-928A-CE097AD98324",
"versionEndIncluding": "23.08.25d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7003g:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "31604D70-5B52-47AC-93A2-71166176253E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7100g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF92551F-76EE-48D4-AB93-40F427847907",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7100g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "F87354E1-7EFE-4935-ADDD-4614469C9E90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7100g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "713594B3-8B47-4756-9B7A-EC4F4CD2BD58",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7100g:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE715DF0-1341-4E7B-95BF-B1031BCFA185",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7200g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBE0C94D-A68E-4CAF-B6E1-124EAC124BF5",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7200g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "29E72D4B-FAA5-4C3E-942B-DB7C5CC55691",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7200g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B6055DC-C51D-4C52-B34D-0AEC6601CB99",
"versionEndIncluding": "23.08.23e1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7200g:v2.e1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDF945B6-549E-4F6A-9432-8D6B2A7E350C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7300g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4E73CD-4883-4C19-9345-22281342B600",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7300g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "916E75E5-010A-4A8F-B3AD-21FCC76C890A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7400g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46460C55-22D0-4D9C-B4D7-3F108F636469",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7400g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "1495874C-DEF5-4200-B272-C7779EB3E265",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wanid parameter of the H5/speedlimit.data function."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de pila en el dispositivo D-Link DI-7003GV2.D1 v.23.08.25D1 y anteriores, DI-7100G+V2.D1 v.23.08.23D1 y anteriores, DI-7100GV2.D1 v.23.08.23D1, DI-7200G +V2.D1 v.23.08.23D1 y anteriores, DI-7200GV2.E1 v.23.08.23E1 y anteriores, DI-7300G+V2.D1 v.23.08.23D1 y DI-7400G+V2.D1 v.23.08. 23D1 y anteriores permiten a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro wanid de la funci\u00f3n H5/speedlimit.data."
}
],
"id": "CVE-2023-45577",
"lastModified": "2024-11-21T08:26:59.513",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-16T07:15:08.907",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug9.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug9.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-45578
Vulnerability from fkie_nvd - Published: 2023-10-16 07:15 - Updated: 2024-11-21 08:26
Severity ?
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the pap_en/chap_en parameter of the pppoe_base.asp function.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug4.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug4.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | di-7003g_firmware | * | |
| dlink | di-7003g | v2.d1 | |
| dlink | di-7100g\+_firmware | * | |
| dlink | di-7100g\+ | v2.d1 | |
| dlink | di-7100g_firmware | * | |
| dlink | di-7100g | v2.d1 | |
| dlink | di-7200g\+_firmware | * | |
| dlink | di-7200g\+ | v2.d1 | |
| dlink | di-7200g_firmware | * | |
| dlink | di-7200g | v2.e1 | |
| dlink | di-7300g\+_firmware | * | |
| dlink | di-7300g\+ | v2.d1 | |
| dlink | di-7400g\+_firmware | * | |
| dlink | di-7400g\+ | v2.d1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7003g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF075223-7784-4FB7-928A-CE097AD98324",
"versionEndIncluding": "23.08.25d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7003g:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "31604D70-5B52-47AC-93A2-71166176253E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7100g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF92551F-76EE-48D4-AB93-40F427847907",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7100g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "F87354E1-7EFE-4935-ADDD-4614469C9E90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7100g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "713594B3-8B47-4756-9B7A-EC4F4CD2BD58",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7100g:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE715DF0-1341-4E7B-95BF-B1031BCFA185",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7200g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBE0C94D-A68E-4CAF-B6E1-124EAC124BF5",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7200g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "29E72D4B-FAA5-4C3E-942B-DB7C5CC55691",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7200g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B6055DC-C51D-4C52-B34D-0AEC6601CB99",
"versionEndIncluding": "23.08.23e1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7200g:v2.e1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDF945B6-549E-4F6A-9432-8D6B2A7E350C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7300g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4E73CD-4883-4C19-9345-22281342B600",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7300g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "916E75E5-010A-4A8F-B3AD-21FCC76C890A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7400g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46460C55-22D0-4D9C-B4D7-3F108F636469",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7400g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "1495874C-DEF5-4200-B272-C7779EB3E265",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the pap_en/chap_en parameter of the pppoe_base.asp function."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en el dispositivo D-Link DI-7003GV2.D1 v.23.08.25D1 y anteriores, DI-7100G+V2.D1 v.23.08.23D1 y anteriores, DI-7100GV2.D1 v.23.08.23D1, DI-7200G +V2.D1 v.23.08.23D1 y anteriores, DI-7200GV2.E1 v.23.08.23E1 y anteriores, DI-7300G+V2.D1 v.23.08.23D1 y DI-7400G+V2.D1 v.23.08. 23D1 y anteriores permiten a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro pap_en/chap_en de la funci\u00f3n pppoe_base.asp."
}
],
"id": "CVE-2023-45578",
"lastModified": "2024-11-21T08:26:59.670",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-16T07:15:08.967",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug4.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug4.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-45576
Vulnerability from fkie_nvd - Published: 2023-10-16 07:15 - Updated: 2024-11-21 08:26
Severity ?
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the remove_ext_proto/remove_ext_port parameter of the upnp_ctrl.asp function.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug3.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug3.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | di-7003g_firmware | * | |
| dlink | di-7003g | v2.d1 | |
| dlink | di-7100g\+_firmware | * | |
| dlink | di-7100g\+ | v2.d1 | |
| dlink | di-7100g_firmware | * | |
| dlink | di-7100g | v2.d1 | |
| dlink | di-7200g\+_firmware | * | |
| dlink | di-7200g\+ | v2.d1 | |
| dlink | di-7200g_firmware | * | |
| dlink | di-7200g | v2.e1 | |
| dlink | di-7300g\+_firmware | * | |
| dlink | di-7300g\+ | v2.d1 | |
| dlink | di-7400g\+_firmware | * | |
| dlink | di-7400g\+ | v2.d1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7003g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF075223-7784-4FB7-928A-CE097AD98324",
"versionEndIncluding": "23.08.25d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7003g:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "31604D70-5B52-47AC-93A2-71166176253E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7100g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF92551F-76EE-48D4-AB93-40F427847907",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7100g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "F87354E1-7EFE-4935-ADDD-4614469C9E90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7100g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "713594B3-8B47-4756-9B7A-EC4F4CD2BD58",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7100g:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE715DF0-1341-4E7B-95BF-B1031BCFA185",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7200g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBE0C94D-A68E-4CAF-B6E1-124EAC124BF5",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7200g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "29E72D4B-FAA5-4C3E-942B-DB7C5CC55691",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7200g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B6055DC-C51D-4C52-B34D-0AEC6601CB99",
"versionEndIncluding": "23.08.23e1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7200g:v2.e1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDF945B6-549E-4F6A-9432-8D6B2A7E350C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7300g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4E73CD-4883-4C19-9345-22281342B600",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7300g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "916E75E5-010A-4A8F-B3AD-21FCC76C890A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7400g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46460C55-22D0-4D9C-B4D7-3F108F636469",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7400g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "1495874C-DEF5-4200-B272-C7779EB3E265",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the remove_ext_proto/remove_ext_port parameter of the upnp_ctrl.asp function."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en el dispositivo D-Link DI-7003GV2.D1 v.23.08.25D1 y anteriores, DI-7100G+V2.D1 v.23.08.23D1 y anteriores, DI-7100GV2.D1 v.23.08.23D1, DI-7200G +V2.D1 v.23.08.23D1 y anteriores, DI-7200GV2.E1 v.23.08.23E1 y anteriores, DI-7300G+V2.D1 v.23.08.23D1 y DI-7400G+V2.D1 v.23.08. 23D1 y anteriores permiten a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro remove_ext_proto/remove_ext_port de la funci\u00f3n upnp_ctrl.asp."
}
],
"id": "CVE-2023-45576",
"lastModified": "2024-11-21T08:26:59.353",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-16T07:15:08.843",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug3.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug3.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-45574
Vulnerability from fkie_nvd - Published: 2023-10-16 06:15 - Updated: 2024-11-21 08:26
Severity ?
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the file.data function.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug2.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.dlink.com/en/security-bulletin/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug2.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.dlink.com/en/security-bulletin/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | di-7003g_firmware | * | |
| dlink | di-7003g | v2.d1 | |
| dlink | di-7100g\+_firmware | * | |
| dlink | di-7100g\+ | v2.d1 | |
| dlink | di-7100g_firmware | * | |
| dlink | di-7100g | v2.d1 | |
| dlink | di-7200g\+_firmware | * | |
| dlink | di-7200g\+ | v2.d1 | |
| dlink | di-7200g_firmware | * | |
| dlink | di-7200g | v2.e1 | |
| dlink | di-7300g\+_firmware | * | |
| dlink | di-7300g\+ | v2.d1 | |
| dlink | di-7400g\+_firmware | * | |
| dlink | di-7400g\+ | v2.d1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7003g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF075223-7784-4FB7-928A-CE097AD98324",
"versionEndIncluding": "23.08.25d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7003g:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "31604D70-5B52-47AC-93A2-71166176253E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7100g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF92551F-76EE-48D4-AB93-40F427847907",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7100g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "F87354E1-7EFE-4935-ADDD-4614469C9E90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7100g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "713594B3-8B47-4756-9B7A-EC4F4CD2BD58",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7100g:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE715DF0-1341-4E7B-95BF-B1031BCFA185",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7200g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBE0C94D-A68E-4CAF-B6E1-124EAC124BF5",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7200g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "29E72D4B-FAA5-4C3E-942B-DB7C5CC55691",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7200g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B6055DC-C51D-4C52-B34D-0AEC6601CB99",
"versionEndIncluding": "23.08.23e1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7200g:v2.e1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDF945B6-549E-4F6A-9432-8D6B2A7E350C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7300g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4E73CD-4883-4C19-9345-22281342B600",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7300g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "916E75E5-010A-4A8F-B3AD-21FCC76C890A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7400g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46460C55-22D0-4D9C-B4D7-3F108F636469",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7400g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "1495874C-DEF5-4200-B272-C7779EB3E265",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the file.data function."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en el dispositivo D-Link DI-7003GV2.D1 v.23.08.25D1 y anteriores, DI-7100G+V2.D1 v.23.08.23D1 y anteriores, DI-7100GV2.D1 v.23.08.23D1, DI-7200G +V2.D1 v.23.08.23D1 y anteriores, DI-7200GV2.E1 v.23.08.23E1 y anteriores, DI-7300G+V2.D1 v.23.08.23D1 y DI-7400G+V2.D1 v.23.08. 23D1 y anteriores permiten a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro fn de la funci\u00f3n file.data."
}
],
"id": "CVE-2023-45574",
"lastModified": "2024-11-21T08:26:59.000",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-16T06:15:12.607",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug2.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug2.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dlink.com/en/security-bulletin/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-45572
Vulnerability from fkie_nvd - Published: 2023-10-16 06:15 - Updated: 2024-11-21 08:26
Severity ?
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the tgfile.htm function.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug1.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug1.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | di-7003g_firmware | * | |
| dlink | di-7003g | v2.d1 | |
| dlink | di-7100g\+_firmware | * | |
| dlink | di-7100g\+ | v2.d1 | |
| dlink | di-7100g_firmware | * | |
| dlink | di-7100g | v2.d1 | |
| dlink | di-7200g\+_firmware | * | |
| dlink | di-7200g\+ | v2.d1 | |
| dlink | di-7200g_firmware | * | |
| dlink | di-7200g | v2.e1 | |
| dlink | di-7300g\+_firmware | * | |
| dlink | di-7300g\+ | v2.d1 | |
| dlink | di-7400g\+_firmware | * | |
| dlink | di-7400g\+ | v2.d1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7003g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF075223-7784-4FB7-928A-CE097AD98324",
"versionEndIncluding": "23.08.25d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7003g:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "31604D70-5B52-47AC-93A2-71166176253E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7100g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF92551F-76EE-48D4-AB93-40F427847907",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7100g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "F87354E1-7EFE-4935-ADDD-4614469C9E90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7100g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "713594B3-8B47-4756-9B7A-EC4F4CD2BD58",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7100g:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE715DF0-1341-4E7B-95BF-B1031BCFA185",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7200g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBE0C94D-A68E-4CAF-B6E1-124EAC124BF5",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7200g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "29E72D4B-FAA5-4C3E-942B-DB7C5CC55691",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7200g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B6055DC-C51D-4C52-B34D-0AEC6601CB99",
"versionEndIncluding": "23.08.23e1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7200g:v2.e1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDF945B6-549E-4F6A-9432-8D6B2A7E350C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7300g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4E73CD-4883-4C19-9345-22281342B600",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7300g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "916E75E5-010A-4A8F-B3AD-21FCC76C890A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7400g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46460C55-22D0-4D9C-B4D7-3F108F636469",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7400g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "1495874C-DEF5-4200-B272-C7779EB3E265",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the tgfile.htm function."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en el dispositivo D-Link DI-7003GV2.D1 v.23.08.25D1 y anteriores, DI-7100G+V2.D1 v.23.08.23D1 y anteriores, DI-7100GV2.D1 v.23.08.23D1, DI-7200G +V2.D1 v.23.08.23D1 y anteriores, DI-7200GV2.E1 v.23.08.23E1 y anteriores, DI-7300G+V2.D1 v.23.08.23D1 y DI-7400G+V2.D1 v.23.08. 23D1 y anteriores permiten a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro fn de la funci\u00f3n tgfile.htm."
}
],
"id": "CVE-2023-45572",
"lastModified": "2024-11-21T08:26:58.657",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-16T06:15:12.070",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug1.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug1.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-45575
Vulnerability from fkie_nvd - Published: 2023-10-16 06:15 - Updated: 2024-11-21 08:26
Severity ?
Summary
Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the ip parameter of the ip_position.asp function.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug5.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug5.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | di-7003g_firmware | * | |
| dlink | di-7003g | v2.d1 | |
| dlink | di-7100g\+_firmware | * | |
| dlink | di-7100g\+ | v2.d1 | |
| dlink | di-7100g_firmware | * | |
| dlink | di-7100g | v2.d1 | |
| dlink | di-7200g\+_firmware | * | |
| dlink | di-7200g\+ | v2.d1 | |
| dlink | di-7200g_firmware | * | |
| dlink | di-7200g | v2.e1 | |
| dlink | di-7300g\+_firmware | * | |
| dlink | di-7300g\+ | v2.d1 | |
| dlink | di-7400g\+_firmware | * | |
| dlink | di-7400g\+ | v2.d1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7003g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF075223-7784-4FB7-928A-CE097AD98324",
"versionEndIncluding": "23.08.25d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7003g:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "31604D70-5B52-47AC-93A2-71166176253E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7100g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF92551F-76EE-48D4-AB93-40F427847907",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7100g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "F87354E1-7EFE-4935-ADDD-4614469C9E90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7100g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "713594B3-8B47-4756-9B7A-EC4F4CD2BD58",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7100g:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE715DF0-1341-4E7B-95BF-B1031BCFA185",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7200g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBE0C94D-A68E-4CAF-B6E1-124EAC124BF5",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7200g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "29E72D4B-FAA5-4C3E-942B-DB7C5CC55691",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7200g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B6055DC-C51D-4C52-B34D-0AEC6601CB99",
"versionEndIncluding": "23.08.23e1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7200g:v2.e1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDF945B6-549E-4F6A-9432-8D6B2A7E350C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7300g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4E73CD-4883-4C19-9345-22281342B600",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7300g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "916E75E5-010A-4A8F-B3AD-21FCC76C890A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7400g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46460C55-22D0-4D9C-B4D7-3F108F636469",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7400g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "1495874C-DEF5-4200-B272-C7779EB3E265",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the ip parameter of the ip_position.asp function."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de pila en el dispositivo D-Link DI-7003GV2.D1 v.23.08.25D1 y anteriores, DI-7100G+V2.D1 v.23.08.23D1 y anteriores, DI-7100GV2.D1 v.23.08.23D1, DI-7200G +V2.D1 v.23.08.23D1 y anteriores, DI-7200GV2.E1 v.23.08.23E1 y anteriores, DI-7300G+V2.D1 v.23.08.23D1 y DI-7400G+V2.D1 v.23.08. 23D1 y anteriores permiten a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro ip de la funci\u00f3n ip_position.asp."
}
],
"id": "CVE-2023-45575",
"lastModified": "2024-11-21T08:26:59.177",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-16T06:15:12.890",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug5.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug5.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-45573
Vulnerability from fkie_nvd - Published: 2023-10-16 06:15 - Updated: 2024-11-21 08:26
Severity ?
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the n parameter of the mrclfile_del.asp function.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug7.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug7.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | di-7003g_firmware | * | |
| dlink | di-7003g | v2.d1 | |
| dlink | di-7100g\+_firmware | * | |
| dlink | di-7100g\+ | v2.d1 | |
| dlink | di-7100g_firmware | * | |
| dlink | di-7100g | v2.d1 | |
| dlink | di-7200g\+_firmware | * | |
| dlink | di-7200g\+ | v2.d1 | |
| dlink | di-7200g_firmware | * | |
| dlink | di-7200g | v2.e1 | |
| dlink | di-7300g\+_firmware | * | |
| dlink | di-7300g\+ | v2.d1 | |
| dlink | di-7400g\+_firmware | * | |
| dlink | di-7400g\+ | v2.d1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7003g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF075223-7784-4FB7-928A-CE097AD98324",
"versionEndIncluding": "23.08.25d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7003g:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "31604D70-5B52-47AC-93A2-71166176253E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7100g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF92551F-76EE-48D4-AB93-40F427847907",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7100g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "F87354E1-7EFE-4935-ADDD-4614469C9E90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7100g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "713594B3-8B47-4756-9B7A-EC4F4CD2BD58",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7100g:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE715DF0-1341-4E7B-95BF-B1031BCFA185",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7200g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBE0C94D-A68E-4CAF-B6E1-124EAC124BF5",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7200g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "29E72D4B-FAA5-4C3E-942B-DB7C5CC55691",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7200g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B6055DC-C51D-4C52-B34D-0AEC6601CB99",
"versionEndIncluding": "23.08.23e1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7200g:v2.e1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDF945B6-549E-4F6A-9432-8D6B2A7E350C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7300g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4E73CD-4883-4C19-9345-22281342B600",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7300g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "916E75E5-010A-4A8F-B3AD-21FCC76C890A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7400g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46460C55-22D0-4D9C-B4D7-3F108F636469",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7400g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "1495874C-DEF5-4200-B272-C7779EB3E265",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the n parameter of the mrclfile_del.asp function."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en el dispositivo D-Link DI-7003GV2.D1 v.23.08.25D1 y anteriores, DI-7100G+V2.D1 v.23.08.23D1 y anteriores, DI-7100GV2.D1 v.23.08.23D1, DI-7200G +V2.D1 v.23.08.23D1 y anteriores, DI-7200GV2.E1 v.23.08.23E1 y anteriores, DI-7300G+V2.D1 v.23.08.23D1 y DI-7400G+V2.D1 v.23.08. 23D1 y anteriores permiten a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro n de la funci\u00f3n mrclfile_del.asp."
}
],
"id": "CVE-2023-45573",
"lastModified": "2024-11-21T08:26:58.823",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-16T06:15:12.357",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug7.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug7.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-9769 (GCVE-0-2025-9769)
Vulnerability from cvelistv5 – Published: 2025-09-01 08:02 – Updated: 2025-09-02 15:10
VLAI?
Title
D-Link DI-7400G+ mng_platform.asp sub_478D28 command injection
Summary
A security flaw has been discovered in D-Link DI-7400G+ 19.12.25A1. Affected is the function sub_478D28 of the file /mng_platform.asp. The manipulation of the argument addr with the input `echo 12345 > poc.txt` results in command injection. An attack on the physical device is feasible. The exploit has been released to the public and may be exploited.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Credits
xuanyu (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9769",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-02T14:29:29.628206Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-02T15:10:33.441Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/xyh4ck/iot_poc"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/xyh4ck/iot_poc#vulnerability-verification-process"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DI-7400G+",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "19.12.25A1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "xuanyu (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in D-Link DI-7400G+ 19.12.25A1. Affected is the function sub_478D28 of the file /mng_platform.asp. The manipulation of the argument addr with the input `echo 12345 \u003e poc.txt` results in command injection. An attack on the physical device is feasible. The exploit has been released to the public and may be exploited."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in D-Link DI-7400G+ 19.12.25A1 entdeckt. Dabei geht es um die Funktion sub_478D28 der Datei /mng_platform.asp. Die Bearbeitung des Arguments addr unter Verwendung des Wertes `echo 12345 \u003e poc.txt` verursacht command injection. Ein Angriff auf das physische Ger\u00e4t kann durchgef\u00fchrt werden. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-01T08:02:07.559Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-322069 | D-Link DI-7400G+ mng_platform.asp sub_478D28 command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.322069"
},
{
"name": "VDB-322069 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.322069"
},
{
"name": "Submit #640779 | D-Link DI-7400G+ 19.12.25A1 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.640779"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/xyh4ck/iot_poc"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/xyh4ck/iot_poc#vulnerability-verification-process"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-31T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-31T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-31T19:15:29.000Z",
"value": "VulDB entry last update"
}
],
"title": "D-Link DI-7400G+ mng_platform.asp sub_478D28 command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9769",
"datePublished": "2025-09-01T08:02:07.559Z",
"dateReserved": "2025-08-31T17:10:22.972Z",
"dateUpdated": "2025-09-02T15:10:33.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-57105 (GCVE-0-2025-57105)
Vulnerability from cvelistv5 – Published: 2025-08-22 00:00 – Updated: 2025-08-26 14:08
VLAI?
Summary
The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary commands on the device. The sub_478D28 function in in mng_platform.asp, and sub_4A12DC function in wayos_ac_server.asp of the jhttpd program, with the parameter ac_mng_srv_host.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-57105",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-26T13:13:25.639815Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T14:08:12.774Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/xyh4ck/iot_poc"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary commands on the device. The sub_478D28 function in in mng_platform.asp, and sub_4A12DC function in wayos_ac_server.asp of the jhttpd program, with the parameter ac_mng_srv_host."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T16:19:23.075Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"url": "http://di-7400.com"
},
{
"url": "https://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DI-7400G%2B"
},
{
"url": "https://github.com/xyh4ck/iot_poc"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-57105",
"datePublished": "2025-08-22T00:00:00.000Z",
"dateReserved": "2025-08-17T00:00:00.000Z",
"dateUpdated": "2025-08-26T14:08:12.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45580 (GCVE-0-2023-45580)
Vulnerability from cvelistv5 – Published: 2023-10-16 00:00 – Updated: 2024-10-16 15:01
VLAI?
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wild/mx and other parameters of the ddns.asp function
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug6.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45580",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T17:19:03.398661Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T15:01:53.780Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wild/mx and other parameters of the ddns.asp function"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-19T21:06:46.625577",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug6.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45580",
"datePublished": "2023-10-16T00:00:00",
"dateReserved": "2023-10-09T00:00:00",
"dateUpdated": "2024-10-16T15:01:53.780Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45575 (GCVE-0-2023-45575)
Vulnerability from cvelistv5 – Published: 2023-10-16 00:00 – Updated: 2024-09-17 19:28
VLAI?
Summary
Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the ip parameter of the ip_position.asp function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug5.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:d-link:di-7003gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7003gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.25d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7100g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7100gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200gv2.e1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200gv2.e1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23e1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7300g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7300g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7400g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7400g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45575",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T19:22:42.549572Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T19:28:16.423Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the ip parameter of the ip_position.asp function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T18:45:00.944649",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug5.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45575",
"datePublished": "2023-10-16T00:00:00",
"dateReserved": "2023-10-09T00:00:00",
"dateUpdated": "2024-09-17T19:28:16.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45577 (GCVE-0-2023-45577)
Vulnerability from cvelistv5 – Published: 2023-10-16 00:00 – Updated: 2024-09-18 16:10
VLAI?
Summary
Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wanid parameter of the H5/speedlimit.data function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.742Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug9.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:d-link:di-7003gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7003gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "v.23.08.25d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:d-link:di-7200g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "v.23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:d-link:di-7100gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "v.23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:d-link:di-7200g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "v.23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200gv2.e1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200gv2.e1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "v.23.08.23e1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:d-link:di-7300g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7300g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "v.23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7400g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7400g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "v.23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45577",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T16:05:14.060563Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T16:10:57.416Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wanid parameter of the H5/speedlimit.data function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T18:53:01.094984",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug9.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45577",
"datePublished": "2023-10-16T00:00:00",
"dateReserved": "2023-10-09T00:00:00",
"dateUpdated": "2024-09-18T16:10:57.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45574 (GCVE-0-2023-45574)
Vulnerability from cvelistv5 – Published: 2023-10-16 00:00 – Updated: 2024-09-17 19:35
VLAI?
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the file.data function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug2.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:d-link:di-7003gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7003gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.25d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7100g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7100gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200gv2.e1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200gv2.e1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23e1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7300g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7300g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7400g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7400g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45574",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T19:31:34.936258Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T19:35:48.621Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the file.data function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T19:18:11.333633",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug2.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45574",
"datePublished": "2023-10-16T00:00:00",
"dateReserved": "2023-10-09T00:00:00",
"dateUpdated": "2024-09-17T19:35:48.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45578 (GCVE-0-2023-45578)
Vulnerability from cvelistv5 – Published: 2023-10-16 00:00 – Updated: 2024-09-18 14:16
VLAI?
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the pap_en/chap_en parameter of the pppoe_base.asp function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.497Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug4.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:d-link:di-7003gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7003gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.25d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7100g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:d-link:di-7100gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:d-link:di-7200g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:d-link:di-7200gv2.e1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200gv2.e1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23e1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:d-link:di-7300g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7300g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7400g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7400g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45578",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T14:10:47.032855Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T14:16:25.708Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the pap_en/chap_en parameter of the pppoe_base.asp function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T19:22:48.996130",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug4.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45578",
"datePublished": "2023-10-16T00:00:00",
"dateReserved": "2023-10-09T00:00:00",
"dateUpdated": "2024-09-18T14:16:25.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45572 (GCVE-0-2023-45572)
Vulnerability from cvelistv5 – Published: 2023-10-16 00:00 – Updated: 2024-08-02 20:21
VLAI?
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the tgfile.htm function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug1.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the tgfile.htm function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T19:11:31.593672",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug1.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45572",
"datePublished": "2023-10-16T00:00:00",
"dateReserved": "2023-10-09T00:00:00",
"dateUpdated": "2024-08-02T20:21:16.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45573 (GCVE-0-2023-45573)
Vulnerability from cvelistv5 – Published: 2023-10-16 00:00 – Updated: 2024-09-17 19:39
VLAI?
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the n parameter of the mrclfile_del.asp function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug7.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:d-link:di-7003gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7003gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.25d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7100g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7100gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200gv2.e1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200gv2.e1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23e1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7300g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7300g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7400g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7400g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45573",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T19:36:09.770808Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T19:39:42.655Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the n parameter of the mrclfile_del.asp function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-19T21:01:57.752094",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug7.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45573",
"datePublished": "2023-10-16T00:00:00",
"dateReserved": "2023-10-09T00:00:00",
"dateUpdated": "2024-09-17T19:39:42.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45576 (GCVE-0-2023-45576)
Vulnerability from cvelistv5 – Published: 2023-10-16 00:00 – Updated: 2024-09-17 19:05
VLAI?
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the remove_ext_proto/remove_ext_port parameter of the upnp_ctrl.asp function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug3.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:d-link:di-7003gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7003gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.25d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7100gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200gv2.e1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200gv2.e1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23e1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7300g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7300g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7400g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7400g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45576",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T18:39:19.511593Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T19:05:48.866Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the remove_ext_proto/remove_ext_port parameter of the upnp_ctrl.asp function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T19:03:19.724593",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug3.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45576",
"datePublished": "2023-10-16T00:00:00",
"dateReserved": "2023-10-09T00:00:00",
"dateUpdated": "2024-09-17T19:05:48.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9769 (GCVE-0-2025-9769)
Vulnerability from nvd – Published: 2025-09-01 08:02 – Updated: 2025-09-02 15:10
VLAI?
Title
D-Link DI-7400G+ mng_platform.asp sub_478D28 command injection
Summary
A security flaw has been discovered in D-Link DI-7400G+ 19.12.25A1. Affected is the function sub_478D28 of the file /mng_platform.asp. The manipulation of the argument addr with the input `echo 12345 > poc.txt` results in command injection. An attack on the physical device is feasible. The exploit has been released to the public and may be exploited.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Credits
xuanyu (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9769",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-02T14:29:29.628206Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-02T15:10:33.441Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/xyh4ck/iot_poc"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/xyh4ck/iot_poc#vulnerability-verification-process"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DI-7400G+",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "19.12.25A1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "xuanyu (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in D-Link DI-7400G+ 19.12.25A1. Affected is the function sub_478D28 of the file /mng_platform.asp. The manipulation of the argument addr with the input `echo 12345 \u003e poc.txt` results in command injection. An attack on the physical device is feasible. The exploit has been released to the public and may be exploited."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in D-Link DI-7400G+ 19.12.25A1 entdeckt. Dabei geht es um die Funktion sub_478D28 der Datei /mng_platform.asp. Die Bearbeitung des Arguments addr unter Verwendung des Wertes `echo 12345 \u003e poc.txt` verursacht command injection. Ein Angriff auf das physische Ger\u00e4t kann durchgef\u00fchrt werden. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-01T08:02:07.559Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-322069 | D-Link DI-7400G+ mng_platform.asp sub_478D28 command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.322069"
},
{
"name": "VDB-322069 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.322069"
},
{
"name": "Submit #640779 | D-Link DI-7400G+ 19.12.25A1 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.640779"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/xyh4ck/iot_poc"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/xyh4ck/iot_poc#vulnerability-verification-process"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-31T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-31T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-31T19:15:29.000Z",
"value": "VulDB entry last update"
}
],
"title": "D-Link DI-7400G+ mng_platform.asp sub_478D28 command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9769",
"datePublished": "2025-09-01T08:02:07.559Z",
"dateReserved": "2025-08-31T17:10:22.972Z",
"dateUpdated": "2025-09-02T15:10:33.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-57105 (GCVE-0-2025-57105)
Vulnerability from nvd – Published: 2025-08-22 00:00 – Updated: 2025-08-26 14:08
VLAI?
Summary
The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary commands on the device. The sub_478D28 function in in mng_platform.asp, and sub_4A12DC function in wayos_ac_server.asp of the jhttpd program, with the parameter ac_mng_srv_host.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-57105",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-26T13:13:25.639815Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T14:08:12.774Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/xyh4ck/iot_poc"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary commands on the device. The sub_478D28 function in in mng_platform.asp, and sub_4A12DC function in wayos_ac_server.asp of the jhttpd program, with the parameter ac_mng_srv_host."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T16:19:23.075Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"url": "http://di-7400.com"
},
{
"url": "https://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DI-7400G%2B"
},
{
"url": "https://github.com/xyh4ck/iot_poc"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-57105",
"datePublished": "2025-08-22T00:00:00.000Z",
"dateReserved": "2025-08-17T00:00:00.000Z",
"dateUpdated": "2025-08-26T14:08:12.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45580 (GCVE-0-2023-45580)
Vulnerability from nvd – Published: 2023-10-16 00:00 – Updated: 2024-10-16 15:01
VLAI?
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wild/mx and other parameters of the ddns.asp function
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug6.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45580",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T17:19:03.398661Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T15:01:53.780Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wild/mx and other parameters of the ddns.asp function"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-19T21:06:46.625577",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug6.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45580",
"datePublished": "2023-10-16T00:00:00",
"dateReserved": "2023-10-09T00:00:00",
"dateUpdated": "2024-10-16T15:01:53.780Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45575 (GCVE-0-2023-45575)
Vulnerability from nvd – Published: 2023-10-16 00:00 – Updated: 2024-09-17 19:28
VLAI?
Summary
Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the ip parameter of the ip_position.asp function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug5.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:d-link:di-7003gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7003gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.25d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7100g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7100gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200gv2.e1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200gv2.e1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23e1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7300g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7300g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7400g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7400g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45575",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T19:22:42.549572Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T19:28:16.423Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the ip parameter of the ip_position.asp function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T18:45:00.944649",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug5.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45575",
"datePublished": "2023-10-16T00:00:00",
"dateReserved": "2023-10-09T00:00:00",
"dateUpdated": "2024-09-17T19:28:16.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45577 (GCVE-0-2023-45577)
Vulnerability from nvd – Published: 2023-10-16 00:00 – Updated: 2024-09-18 16:10
VLAI?
Summary
Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wanid parameter of the H5/speedlimit.data function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.742Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug9.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:d-link:di-7003gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7003gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "v.23.08.25d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:d-link:di-7200g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "v.23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:d-link:di-7100gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "v.23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:d-link:di-7200g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "v.23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200gv2.e1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200gv2.e1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "v.23.08.23e1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:d-link:di-7300g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7300g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "v.23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7400g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7400g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "v.23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45577",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T16:05:14.060563Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T16:10:57.416Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wanid parameter of the H5/speedlimit.data function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T18:53:01.094984",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug9.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45577",
"datePublished": "2023-10-16T00:00:00",
"dateReserved": "2023-10-09T00:00:00",
"dateUpdated": "2024-09-18T16:10:57.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45574 (GCVE-0-2023-45574)
Vulnerability from nvd – Published: 2023-10-16 00:00 – Updated: 2024-09-17 19:35
VLAI?
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the file.data function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug2.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:d-link:di-7003gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7003gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.25d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7100g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7100gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200gv2.e1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200gv2.e1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23e1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7300g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7300g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7400g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7400g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45574",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T19:31:34.936258Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T19:35:48.621Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the file.data function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T19:18:11.333633",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug2.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45574",
"datePublished": "2023-10-16T00:00:00",
"dateReserved": "2023-10-09T00:00:00",
"dateUpdated": "2024-09-17T19:35:48.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45578 (GCVE-0-2023-45578)
Vulnerability from nvd – Published: 2023-10-16 00:00 – Updated: 2024-09-18 14:16
VLAI?
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the pap_en/chap_en parameter of the pppoe_base.asp function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.497Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug4.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:d-link:di-7003gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7003gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.25d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7100g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:d-link:di-7100gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:d-link:di-7200g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:d-link:di-7200gv2.e1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200gv2.e1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23e1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:d-link:di-7300g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7300g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7400g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7400g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45578",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T14:10:47.032855Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T14:16:25.708Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the pap_en/chap_en parameter of the pppoe_base.asp function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T19:22:48.996130",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug4.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45578",
"datePublished": "2023-10-16T00:00:00",
"dateReserved": "2023-10-09T00:00:00",
"dateUpdated": "2024-09-18T14:16:25.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45572 (GCVE-0-2023-45572)
Vulnerability from nvd – Published: 2023-10-16 00:00 – Updated: 2024-08-02 20:21
VLAI?
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the tgfile.htm function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug1.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the tgfile.htm function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T19:11:31.593672",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug1.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45572",
"datePublished": "2023-10-16T00:00:00",
"dateReserved": "2023-10-09T00:00:00",
"dateUpdated": "2024-08-02T20:21:16.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45573 (GCVE-0-2023-45573)
Vulnerability from nvd – Published: 2023-10-16 00:00 – Updated: 2024-09-17 19:39
VLAI?
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the n parameter of the mrclfile_del.asp function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug7.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:d-link:di-7003gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7003gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.25d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7100g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7100gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200gv2.e1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200gv2.e1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23e1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7300g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7300g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7400g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7400g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45573",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T19:36:09.770808Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T19:39:42.655Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the n parameter of the mrclfile_del.asp function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-19T21:01:57.752094",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug7.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45573",
"datePublished": "2023-10-16T00:00:00",
"dateReserved": "2023-10-09T00:00:00",
"dateUpdated": "2024-09-17T19:39:42.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}