cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-51624,https://securityvulnerability.io/vulnerability/CVE-2023-51624,D-Link DCS-8300LHV2 RTSP ValidateAuthorizationHeader Nonce Stack-Based Buffer Overflow Remote Code Execution Vulnerability,"A vulnerability exists in D-Link DCS-8300LHV2 IP cameras where inadequate validation of the Authorization header by the RTSP server leads to a stack-based buffer overflow. This flaw, which occurs when the server, listening on TCP port 554, fails to check the length of user-supplied data before it is copied to a fixed-length buffer, allows network-adjacent attackers to execute arbitrary code without authentication. The executed code runs in the context of the root user, posing significant security risks to affected installations.",D-Link,Dcs-8300lhv2 Firmware,8.8,HIGH,0.0007399999885819852,false,false,false,false,,false,false,2024-05-03T03:16:00.000Z,0
CVE-2023-51625,https://securityvulnerability.io/vulnerability/CVE-2023-51625,D-Link DCS-8300LHV2 ONVIF Command Injection Remote Code Execution Vulnerability,"A vulnerability has been identified in D-Link DCS-8300LHV2 IP cameras that allows network-adjacent attackers to execute arbitrary code. This arises due to improper validation of user-supplied strings in the ONVIF API's SetSystemDateAndTime command, which listens on TCP port 80. Although the application requires authentication, this mechanism can be bypassed, posing a significant risk. Exploiting this flaw enables attackers to run commands with root privileges, potentially compromising the affected device. For further details, reference the vendor advisory and associated ZDI alerts.",D-Link,Dcs-8300lhv2 Firmware,8,HIGH,0.0004600000102072954,false,false,false,false,,false,false,2024-05-03T03:16:00.000Z,0
CVE-2023-51626,https://securityvulnerability.io/vulnerability/CVE-2023-51626,D-Link DCS-8300LHV2 RTSP ValidateAuthorizationHeader Username Stack-Based Buffer Overflow Remote Code Execution Vulnerability,"A stack-based buffer overflow vulnerability in D-Link's DCS-8300LHV2 IP cameras arises from inadequate validation of user-supplied data length in the Authorization header by the RTSP server. Attackers on the same network can exploit this flaw, allowing unauthorized execution of arbitrary code with root privileges. The issue presents a significant security risk as it does not require authentication, making it accessible to potential intruders. The RTSP server listens on TCP port 554, further facilitating the exploit for savvy attackers.",D-Link,Dcs-8300lhv2 Firmware,8.8,HIGH,0.0007399999885819852,false,false,false,false,,false,false,2024-05-03T03:16:00.000Z,0
CVE-2023-51627,https://securityvulnerability.io/vulnerability/CVE-2023-51627,D-Link DCS-8300LHV2 ONVIF Duration Stack-Based Buffer Overflow Remote Code Execution Vulnerability,"The D-Link DCS-8300LHV2 IP camera is impacted by a stack-based buffer overflow vulnerability, allowing network-adjacent attackers to execute arbitrary code. The flaw originates from improper validation of the length of user-supplied data in Duration XML elements, which leads to the potential bypassing of authentication mechanisms. Successful exploitation of this vulnerability can enable attackers to execute code with root privileges, posing significant security risks for deployed devices.",D-Link,Dcs-8300lhv2 Firmware,8,HIGH,0.0005300000193528831,false,false,false,false,,false,false,2024-05-03T03:16:00.000Z,0
CVE-2023-51628,https://securityvulnerability.io/vulnerability/CVE-2023-51628,Stack-Based Buffer Overflow Remote Code Execution Vulnerability in D-Link DCS-8300LHV2 IP Cameras,"The D-Link DCS-8300LHV2 IP cameras are subject to a stack-based buffer overflow vulnerability due to improper validation of user-supplied data in the SetHostName ONVIF call. Although authentication is required to exploit this flaw, the mechanism can be bypassed, allowing network-adjacent attackers to execute arbitrary code in the context of root on affected devices. This security issue highlights the critical importance of robust validation processes in networked devices.",D-Link,Dcs-8300lhv2 Firmware,8,HIGH,0.0005300000193528831,false,false,false,false,,false,false,2024-05-03T03:16:00.000Z,0
CVE-2023-51629,https://securityvulnerability.io/vulnerability/CVE-2023-51629,Hardcoded PIN Authentication Bypass Vulnerability Affects D-Link DCS-8300LHV2 IP Cameras,"The D-Link DCS-8300LHV2 IP cameras are susceptible to an authentication bypass vulnerability due to the implementation of a hardcoded PIN within the ONVIF API configuration. This flaw enables network-adjacent attackers to circumvent authentication mechanisms, creating a significant security risk as exploitation does not require any prior authentication. Organizations utilizing these cameras should take immediate action to secure their installations and mitigate potential unauthorized access.",D-Link,Dcs-8300lhv2 Firmware,8.8,HIGH,0.0005799999926239252,false,false,false,false,,false,false,2024-05-03T03:16:00.000Z,0