cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10916,https://securityvulnerability.io/vulnerability/CVE-2024-10916,,"A vulnerability classified as problematic has been found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. This affects an unknown part of the file /xml/info.xml of the component HTTP GET Request Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.",D-Link,Dns-320 Firmware,5.3,MEDIUM,0.0005300000193528831,false,false,false,false,,false,false,2024-11-06T15:15:00.000Z,0
CVE-2024-10914,https://securityvulnerability.io/vulnerability/CVE-2024-10914,D-Link Routers Vulnerable to OS Command Injection Attacks,"A vulnerability exists in D-Link network attached storage devices, including the DNS-320, DNS-320LW, DNS-325, and DNS-340L, which allows for OS command injection. This issue arises in the cgi_user_add function of the /cgi-bin/account_mgr.cgi interface, where improper handling of the 'name' argument can be exploited. The attack can be executed remotely, although the complexity of successfully exploiting this vulnerability is relatively high and requires advanced knowledge. Public disclosure of the exploit amplifies the risk, necessitating immediate attention to secure affected devices.",D-Link,Dns-320 Firmware,9.8,CRITICAL,0.16929000616073608,false,true,false,true,true,true,true,2024-11-06T14:15:00.000Z,9109
CVE-2024-10915,https://securityvulnerability.io/vulnerability/CVE-2024-10915,OS Command Injection Vulnerability in D-Link NAS Products,"A vulnerability exists in D-Link's DNS-320, DNS-320LW, DNS-325, and DNS-340L NAS devices, specifically within the cgi_user_add function of the /cgi-bin/account_mgr.cgi endpoint. This issue is caused by improper handling of the 'group' argument, which leads to potential OS command injection. Remote attackers can exploit this vulnerability to execute arbitrary commands on the affected devices. Although the complexity of the attack is high, the public disclosure of the exploit raises concerns about the security posture of networks utilizing these devices. Users are advised to apply any available patches or mitigations.",D-Link,Dns-320 Firmware,9.8,CRITICAL,0.23746000230312347,false,false,false,false,,false,false,2024-11-06T14:15:00.000Z,0
CVE-2020-25506,https://securityvulnerability.io/vulnerability/CVE-2020-25506,,"D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code execution.",D-Link,Dns-320 Firmware,9.8,CRITICAL,0.9731299877166748,true,false,false,true,,false,false,2021-02-02T13:00:11.000Z,0
CVE-2019-16057,https://securityvulnerability.io/vulnerability/CVE-2019-16057,,The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection.,D-Link,Dns-320 Firmware,9.8,CRITICAL,0.9755899906158447,true,false,true,true,,false,false,2019-09-16T11:58:14.000Z,0