This could lead to remote code execution in the netd server with no additional execution privileges needed. In loop of DnsTlsSocket.cpp, there is a possible heap memory corruption due to a use after free. User interaction is needed for exploitation.
This could lead to remote code execution with no additional execution privileges needed. In MakeMPEG4VideoCodecSpecificData of AVIExtractor.cpp, there is a possible out of bounds write due to an incorrect bounds check. In ihevcd_parse_pps of ihevcd_parse_headers.c, there is a possible out of bounds write due to a missing bounds check. In ihevcd_sao_shift_ctb of ihevcd_sao.c, there is a possible out of bounds write due to a missing bounds check. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings.ĭynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to execute arbitrary commands via a crafted parameter to a CGI script, as demonstrated by sed injection in cgi-bin/camctrl_save_profile.cgi (save parameter) and cgi-bin/ddns.cgi. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the MTU field to SetWanSettings.Īn issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. The vulnerability does not need any authentication.ĭ-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to execute arbitrary commands via shell metacharacters in the online_firmware_check.cgi check_fw_url parameter.Īn issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. Input does not get validated and arbitrary SQL statements can be executed in the database via the /web/Public/Conn.php parameter dbSQL.Ī SQL Injection was discovered in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 in with the index.php/Pay/passcodeAuth parameter passcode.
web/Lib/Action/ in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication.Īn issue was discovered in the D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6.
0 kommentar(er)
