Archerber/bug_submit

Releases0

Stars1

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-46373 ↗	Oct 25, 2023Wednesday, 25 October 2023, 18:17	9.8 CRITICAL	—
TP-Link TL-WDR7660 2.0.30 has a stack overflow vulnerability via the function deviceInfoJsonToBincauses.
CVE-2023-46369 ↗	Oct 25, 2023Wednesday, 25 October 2023, 18:17	9.8 CRITICAL	—
Tenda W18E V16.01.0.8(1576) contains a stack overflow vulnerability via the portMirrorMirroredPorts parameter in the formSetNetCheckTools function.
CVE-2023-46370 ↗	Oct 25, 2023Wednesday, 25 October 2023, 18:17	9.8 CRITICAL	—
Tenda W18E V16.01.0.8(1576) has a command injection vulnerability via the hostName parameter in the formSetNetCheckTools function.
CVE-2023-46371 ↗	Oct 25, 2023Wednesday, 25 October 2023, 18:17	9.8 CRITICAL	—
TP-Link device TL-WDR7660 2.0.30 and TL-WR886N 2.0.12 has a stack overflow vulnerability via the function upgradeInfoJsonToBin.
CVE-2023-45984 ↗	Oct 16, 2023Monday, 16 October 2023, 18:15	9.8 CRITICAL	—
TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg.
CVE-2023-45985 ↗	Oct 16, 2023Monday, 16 October 2023, 18:15	7.5 HIGH	—
TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow in the function setParentalRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2023-45579 ↗	Oct 16, 2023Monday, 16 October 2023, 07:15	9.8 CRITICAL	—
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the ip/type parameter of the jingx.asp function.
CVE-2023-45580 ↗	Oct 16, 2023Monday, 16 October 2023, 07:15	9.8 CRITICAL	—
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wild/mx and other parameters of the ddns.asp function
CVE-2023-45576 ↗	Oct 16, 2023Monday, 16 October 2023, 07:15	9.8 CRITICAL	—
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the remove_ext_proto/remove_ext_port parameter of the upnp_ctrl.asp function.
CVE-2023-45578 ↗	Oct 16, 2023Monday, 16 October 2023, 07:15	9.8 CRITICAL	—
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the pap_en/chap_en parameter of the pppoe_base.asp function.
CVE-2023-45577 ↗	Oct 16, 2023Monday, 16 October 2023, 07:15	9.8 CRITICAL	—
Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wanid parameter of the H5/speedlimit.data function.
CVE-2023-45574 ↗	Oct 16, 2023Monday, 16 October 2023, 06:15	9.8 CRITICAL	—
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the file.data function.
CVE-2023-45573 ↗	Oct 16, 2023Monday, 16 October 2023, 06:15	9.8 CRITICAL	—
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the n parameter of the mrclfile_del.asp function.
CVE-2023-45572 ↗	Oct 16, 2023Monday, 16 October 2023, 06:15	9.8 CRITICAL	—
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the tgfile.htm function.
CVE-2023-45575 ↗	Oct 16, 2023Monday, 16 October 2023, 06:15	9.8 CRITICAL	—
Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the ip parameter of the ip_position.asp function.
CVE-2023-44809 ↗	Oct 16, 2023Monday, 16 October 2023, 06:15	9.8 CRITICAL	—
D-Link device DIR-820L 1.05B03 is vulnerable to Insecure Permissions.
CVE-2023-44808 ↗	Oct 16, 2023Monday, 16 October 2023, 06:15	9.8 CRITICAL	—
D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_4507CC function.
CVE-2023-36955 ↗	Oct 16, 2023Monday, 16 October 2023, 06:15	9.8 CRITICAL	—
TOTOLINK CP300+ <=V5.2cu.7594_B20200910 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule.
CVE-2023-36950 ↗	Oct 16, 2023Monday, 16 October 2023, 06:15	9.8 CRITICAL	—
TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth.
CVE-2023-36953 ↗	Oct 16, 2023Monday, 16 October 2023, 06:15	9.8 CRITICAL	—
TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection.
CVE-2023-36954 ↗	Oct 16, 2023Monday, 16 October 2023, 06:15	9.8 CRITICAL	—
TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection.
CVE-2023-36340 ↗	Oct 16, 2023Monday, 16 October 2023, 05:15	9.8 CRITICAL	—
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth.
CVE-2023-36947 ↗	Oct 16, 2023Monday, 16 October 2023, 05:15	9.8 CRITICAL	—
TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule.
CVE-2023-36952 ↗	Oct 16, 2023Monday, 16 October 2023, 05:15	9.8 CRITICAL	—
TOTOLINK CP300+ V5.2cu.7594_B20200910 was discovered to contain a stack overflow via the pingIp parameter in the function setDiagnosisCfg.
CVE-2023-44807 ↗	Oct 6, 2023Friday, 6 October 2023, 17:15	9.8 CRITICAL	—
D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the cancelPing function.
CVE-2023-43207 ↗	Sep 20, 2023Wednesday, 20 September 2023, 14:15	9.8 CRITICAL	—
D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function config_upload_handler. This vulnerability allows attackers to execute arbitrary commands via the configRestore parameter.
CVE-2023-43206 ↗	Sep 20, 2023Wednesday, 20 September 2023, 14:15	9.8 CRITICAL	—
D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function web_cert_download_handler. This vulnerability allows attackers to execute arbitrary commands via the certDownload parameter.
CVE-2023-43204 ↗	Sep 20, 2023Wednesday, 20 September 2023, 14:15	9.8 CRITICAL	—
D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function sub_2EF50. This vulnerability allows attackers to execute arbitrary commands via the manual-time-string parameter.
CVE-2023-43203 ↗	Sep 20, 2023Wednesday, 20 September 2023, 14:15	9.8 CRITICAL	—
D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a stack overflow vulnerability in the function update_users.
CVE-2023-43202 ↗	Sep 20, 2023Wednesday, 20 September 2023, 14:15	9.8 CRITICAL	—
D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function pcap_download_handler. This vulnerability allows attackers to execute arbitrary commands via the update.device.packet-capture.tftp-file-name parameter.
CVE-2023-43201 ↗	Sep 20, 2023Wednesday, 20 September 2023, 14:15	9.8 CRITICAL	—
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the hi_up parameter in the qos_ext.asp function.
CVE-2023-43200 ↗	Sep 20, 2023Wednesday, 20 September 2023, 14:15	9.8 CRITICAL	—
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the id parameter in the yyxz.data function.
CVE-2023-43199 ↗	Sep 20, 2023Wednesday, 20 September 2023, 14:15	9.8 CRITICAL	—
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the prev parameter in the H5/login.cgi function.
CVE-2023-43198 ↗	Sep 20, 2023Wednesday, 20 September 2023, 14:15	9.8 CRITICAL	—
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the popupId parameter in the H5/hi_block.asp function.
CVE-2023-43197 ↗	Sep 20, 2023Wednesday, 20 September 2023, 14:15	9.8 CRITICAL	—
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the fn parameter in the tgfile.asp function.
CVE-2023-43196 ↗	Sep 20, 2023Wednesday, 20 September 2023, 14:15	9.8 CRITICAL	—
D-Link DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the zn_jb parameter in the arp_sys.asp function.
CVE-2023-29961 ↗	May 16, 2023Tuesday, 16 May 2023, 01:15	9.8 CRITICAL	—
D-Link DIR-605L firmware version 1.17B01 BETA is vulnerable to stack overflow via /goform/formTcpipSetup,