cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-39668,https://securityvulnerability.io/vulnerability/CVE-2023-39668,Buffer Overflow Vulnerability in D-Link DIR-868L Router,"The D-Link DIR-868L router is susceptible to a buffer overflow vulnerability that arises from improper handling of input in the inet_ntoa() function, specifically through the param_2 parameter. Exploiting this vulnerability could allow an attacker to execute arbitrary code, potentially compromising the integrity and confidentiality of the device. Users are advised to review their firmware and apply necessary updates to mitigate this risk.",D-Link,Dir-868l Firmware,9.8,CRITICAL,0.0019399999873712659,false,false,false,false,,false,false,2023-08-18T03:15:00.000Z,0
CVE-2023-39667,https://securityvulnerability.io/vulnerability/CVE-2023-39667,Buffer Overflow Vulnerability in D-Link DIR-868L Router Firmware,"The D-Link DIR-868L router is vulnerable to a buffer overflow due to improper input validation in the param_2 parameter within the FUN_0000acb4 function. This flaw allows attackers to exploit the vulnerability to execute arbitrary code, potentially compromising the security of the router and the network it serves. Users should ensure their firmware is updated to mitigate possible threats.",D-Link,Dir-868l Firmware,9.8,CRITICAL,0.0019399999873712659,false,false,false,false,,false,false,2023-08-18T03:15:00.000Z,0
CVE-2023-39665,https://securityvulnerability.io/vulnerability/CVE-2023-39665,Buffer Overflow Vulnerability in D-Link DIR-868L Router,"A vulnerability affecting the D-Link DIR-868L router has been identified, allowing for a potential buffer overflow via the acStack_50 parameter. This weakness can lead to unauthorized access, enabling attackers to execute arbitrary code or destabilize the device's functionality. Users of affected firmware versions should take precautionary measures to mitigate potential risks.",D-Link,Dir-868l Firmware,9.8,CRITICAL,0.0019399999873712659,false,false,false,false,,false,false,2023-08-18T03:15:00.000Z,0
CVE-2023-29856,https://securityvulnerability.io/vulnerability/CVE-2023-29856,Buffer Overflow Vulnerability in D-Link DIR-868L Router,"The D-Link DIR-868L router is affected by a Buffer Overflow vulnerability in the scandir.sgi binary, which may allow an attacker to execute arbitrary code and potentially gain unauthorized access to the device. This could compromise the integrity and confidentiality of the data transmitted through the router. Users are advised to apply available firmware updates to mitigate this security risk. For detailed information, refer to D-Link's security bulletins and support announcements.",D-Link,Dir-868l Firmware,9.8,CRITICAL,0.002090000081807375,false,false,false,false,,false,false,2023-05-02T00:00:00.000Z,0
CVE-2017-14948,https://securityvulnerability.io/vulnerability/CVE-2017-14948,,"Certain D-Link products are affected by: Buffer Overflow. This affects DIR-880L 1.08B04 and DIR-895 L/R 1.13b03. The impact is: execute arbitrary code (remote). The component is: htdocs/fileaccess.cgi. The attack vector is: A crafted HTTP request handled by fileacces.cgi could allow an attacker to mount a ROP attack: if the HTTP header field CONTENT_TYPE starts with ''boundary=' followed by more than 256 characters, a buffer overflow would be triggered, potentially causing code execution.",D-Link,Dir-868l Firmware,9.8,CRITICAL,0.00139999995008111,false,false,false,true,true,false,false,2019-10-14T17:03:25.000Z,0
CVE-2019-17506,https://securityvulnerability.io/vulnerability/CVE-2019-17506,,There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the router's username and password (and other information) via a DEVICE.ACCOUNT value for SERVICES in conjunction with AUTHORIZED_GROUP=1%0a to getcfg.php. This could be used to control the router remotely.,D-Link,Dir-868l B1 Firmware,9.8,CRITICAL,0.8478699922561646,false,false,false,false,,false,false,2019-10-11T19:29:43.000Z,0
CVE-2019-16190,https://securityvulnerability.io/vulnerability/CVE-2019-16190,,"SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L REVA through 1.20, and DIR-895L REVA through 1.21 devices allows Authentication Bypass, as demonstrated by a direct request to folder_view.php or category_view.php.",D-Link,Dir-868l Firmware,9.8,CRITICAL,0.0059899999760091305,false,false,false,false,,false,false,2019-09-09T19:54:36.000Z,0
CVE-2018-19988,https://securityvulnerability.io/vulnerability/CVE-2018-19988,,"In the /HNAP1/SetClientInfoDemo message, the AudioMute and AudioEnable parameters are vulnerable, and the vulnerabilities affect D-Link DIR-868L Rev.B 2.05B02 devices. In the SetClientInfoDemo.php source code, the AudioMute and AudioEnble parameters are saved in the ShellPath script file without any regex checking. After the script file is executed, the command injection occurs. It needs to bypass the wget command option with a single quote. A vulnerable /HNAP1/SetClientInfoDemo XML message could have single quotes and backquotes in the AudioMute or AudioEnable element, such as the '`telnetd`' string.",D-link,Dir-868l Firmware,9.8,CRITICAL,0.5455899834632874,false,false,false,false,,false,false,2019-05-13T13:24:27.000Z,0
CVE-2018-10957,https://securityvulnerability.io/vulnerability/CVE-2018-10957,,"CSRF exists on D-Link DIR-868L devices, leading to (for example) a change to the Admin password. hedwig.cgi and pigwidgeon.cgi are two of the affected components.",D-Link,Dir-868l Firmware,8.8,HIGH,0.010660000145435333,false,false,false,false,,false,false,2018-05-10T02:00:00.000Z,0
CVE-2016-5681,https://securityvulnerability.io/vulnerability/CVE-2016-5681,,"Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.07 before 2.07WWB05, DIR-817 Ax, DIR-818LW Bx before 2.05b03beta03, DIR-822 C1 3.01 before 3.01WWb02, DIR-823 A1 1.00 before 1.00WWb05, DIR-895L A1 1.11 before 1.11WWb04, DIR-890L A1 1.09 before 1.09b14, DIR-885L A1 1.11 before 1.11WWb07, DIR-880L A1 1.07 before 1.07WWb08, DIR-868L B1 2.03 before 2.03WWb01, and DIR-868L C1 3.00 before 3.00WWb01 devices allows remote attackers to execute arbitrary code via a long session cookie.",D-Link,Dir-868l Firmware,9.8,CRITICAL,0.01947999931871891,false,false,false,false,,false,false,2016-08-25T21:00:00.000Z,0