Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Dir\-878_firmware
(Dlink)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 24 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-01-26 | CVE-2022-41140 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple D-Link routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the lighttpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code... | Dir\-867_firmware, Dir\-878_firmware, Dir\-882\-Us_firmware | 8.8 | ||
| 2023-04-07 | CVE-2023-24798 | D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_475FB0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | Dir\-878_firmware | 9.8 | ||
| 2023-04-07 | CVE-2023-24799 | D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_48AF78 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | Dir\-878_firmware | 9.8 | ||
| 2023-04-07 | CVE-2023-24800 | D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_495220 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | Dir\-878_firmware | 9.8 | ||
| 2023-04-09 | CVE-2023-27720 | D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_48d630 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | Dir\-878_firmware | 9.8 | ||
| 2024-01-19 | CVE-2024-0717 | A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W,... | Dap\-1360_firmware, Dir\-1210_firmware, Dir\-1260_firmware, Dir\-2150_firmware, Dir\-300_firmware, Dir\-615_firmware, Dir\-615gf_firmware, Dir\-615s_firmware, Dir\-615t_firmware, Dir\-620_firmware, Dir\-620s_firmware, Dir\-806a_firmware, Dir\-815\/ac_firmware, Dir\-815_firmware, Dir\-815s_firmware, Dir\-816_firmware, Dir\-820_firmware, Dir\-822_firmware, Dir\-825_firmware, Dir\-825ac_firmware, Dir\-825acf_firmware, Dir\-825acg1_firmware, Dir\-841_firmware, Dir\-842_firmware, Dir\-842s_firmware, Dir\-843_firmware, Dir\-853_firmware, Dir\-878_firmware, Dir\-882_firmware, Dir\-X1530_firmware, Dir\-X1860_firmware, Dsl\-224_firmware, Dsl\-245gr_firmware, Dsl\-2640u_firmware, Dsl\-2750u_firmware, Dsl\-G2452gr_firmware, Dvg\-5402g\/gfru_firmware, Dvg\-5402g_firmware, Dvg\-N5402g\/il_firmware, Dvg\-N5402g_firmware, Dwm\-312w_firmware, Dwm\-321_firmware, Dwr\-921_firmware, Dwr\-953_firmware | 5.3 | ||
| 2019-02-13 | CVE-2019-8313 | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the twsystem function with untrusted input from the request body for the SetIPv6FirewallSettings API function, as demonstrated by shell... | Dir\-878_firmware | 8.8 | ||
| 2019-02-13 | CVE-2019-8314 | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetQoSSettings API function, as demonstrated by shell... | Dir\-878_firmware | 8.8 | ||
| 2019-02-13 | CVE-2019-8315 | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the twsystem function with untrusted input from the request body for the SetIPv4FirewallSettings API function, as demonstrated by shell... | Dir\-878_firmware | 8.8 | ||
| 2019-02-13 | CVE-2019-8316 | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetWebFilterSettings API function, as demonstrated by shell... | Dir\-878_firmware | 8.8 |