cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score CVE-2023-51614,https://securityvulnerability.io/vulnerability/CVE-2023-51614,Remote Code Execution Vulnerability in D-Link DIR-X3260 Routers,"D-Link DIR-X3260 prog.cgi SetQuickVPNSettings Password Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of a user-supplied string before copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21591.",D-Link,Dir-x3260 Firmware,6.8,MEDIUM,0.0005300000193528831,false,false,false,false,,false,false,2024-05-03T03:16:00.000Z,0 CVE-2023-51617,https://securityvulnerability.io/vulnerability/CVE-2023-51617,Remote Code Execution Vulnerability in D-Link DIR-X3260 Routers,"D-Link DIR-X3260 prog.cgi SetWanSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of a user-supplied string before copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21594.",D-Link,Dir-x3260 Firmware,6.8,MEDIUM,0.0005300000193528831,false,false,false,false,,false,false,2024-05-03T03:16:00.000Z,0 CVE-2023-51618,https://securityvulnerability.io/vulnerability/CVE-2023-51618,Remote Code Execution Vulnerability in D-Link DIR-X3260 Routers,"D-Link DIR-X3260 prog.cgi SetWLanRadioSecurity Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of a user-supplied string before copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21595.",D-Link,Dir-x3260 Firmware,6.8,MEDIUM,0.0005300000193528831,false,false,false,false,,false,false,2024-05-03T03:16:00.000Z,0 CVE-2023-51619,https://securityvulnerability.io/vulnerability/CVE-2023-51619,Remote Code Execution Vulnerability in D-Link DIR-X3260 Routers,"D-Link DIR-X3260 prog.cgi SetMyDLinkRegistration Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of a user-supplied string before copying it to a fixed-size stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21667.",D-Link,Dir-x3260 Firmware,6.8,MEDIUM,0.0005300000193528831,false,false,false,false,,false,false,2024-05-03T03:16:00.000Z,0 CVE-2023-51620,https://securityvulnerability.io/vulnerability/CVE-2023-51620,Stack-based Buffer Overflow Remote Code Execution Vulnerability in D-Link DIR-X3260 Routers,"D-Link DIR-X3260 prog.cgi SetIPv6PppoeSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of a user-supplied string before copying it to a fixed-size stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21669.",D-Link,Dir-x3260 Firmware,6.8,MEDIUM,0.0005300000193528831,false,false,false,false,,false,false,2024-05-03T03:16:00.000Z,0 CVE-2023-51623,https://securityvulnerability.io/vulnerability/CVE-2023-51623,Stack-based Buffer Overflow Remote Code Execution Vulnerability in D-Link DIR-X3260 Routers,"D-Link DIR-X3260 prog.cgi SetAPClientSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of a user-supplied string before copying it to a fixed-size stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21673.",D-Link,Dir-x3260 Firmware,6.8,MEDIUM,0.0005300000193528831,false,false,false,false,,false,false,2024-05-03T03:16:00.000Z,0 CVE-2023-51613,https://securityvulnerability.io/vulnerability/CVE-2023-51613,Remote Code Execution Vulnerability in D-Link DIR-X3260 Routers,"The D-Link DIR-X3260 router is susceptible to a stack-based buffer overflow vulnerability in the prog.cgi binary, which manages HNAP requests for the lighttpd web server operated on TCP ports 80 and 443. This flaw arises due to improper validation of user-supplied input, which allows an attacker to overwrite the stack memory of the application. Successful exploitation requires authentication and grants the attacker the ability to execute arbitrary code with root privileges on the affected device. This vulnerability highlights the importance of secure coding practices and proper input validation methods in network device firmware.",D-Link,Dir-x3260 Firmware,8,HIGH,0.0005300000193528831,false,false,false,false,,false,false,2024-05-03T03:16:00.000Z,0 CVE-2023-51615,https://securityvulnerability.io/vulnerability/CVE-2023-51615,Stack-Based Buffer Overflow Remote Code Execution Vulnerability in D-Link DIR-X3260 Routers,"D-Link DIR-X3260 prog.cgi SetQuickVPNSettings PSK Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of a user-supplied string before copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21592.",D-Link,Dir-x3260 Firmware,6.8,MEDIUM,0.0005300000193528831,false,false,false,false,,false,false,2024-05-03T03:16:00.000Z,0 CVE-2023-51616,https://securityvulnerability.io/vulnerability/CVE-2023-51616,Remote Code Execution Vulnerability in D-Link DIR-X3260 Routers,"D-Link DIR-X3260 prog.cgi SetSysEmailSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of a user-supplied string before copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21593.",D-Link,Dir-x3260 Firmware,6.8,MEDIUM,0.0005300000193528831,false,false,false,false,,false,false,2024-05-03T03:16:00.000Z,0 CVE-2023-51621,https://securityvulnerability.io/vulnerability/CVE-2023-51621,Stack-based Buffer Overflow Remote Code Execution Vulnerability in D-Link DIR-X3260 Routers,"D-Link DIR-X3260 prog.cgi SetDeviceSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of a user-supplied string before copying it to a fixed-size stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21670.",D-Link,Dir-x3260 Firmware,6.8,MEDIUM,0.0005300000193528831,false,false,false,false,,false,false,2024-05-03T03:16:00.000Z,0 CVE-2023-51622,https://securityvulnerability.io/vulnerability/CVE-2023-51622,Stack-based Buffer Overflow Remote Code Execution Vulnerability in D-Link DIR-X3260 Routers,"D-Link DIR-X3260 prog.cgi SetTriggerPPPoEValidate Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of a user-supplied string before copying it to a fixed-size stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21672.",D-Link,Dir-x3260 Firmware,6.8,MEDIUM,0.0005300000193528831,false,false,false,false,,false,false,2024-05-03T03:16:00.000Z,0 CVE-2023-44427,https://securityvulnerability.io/vulnerability/CVE-2023-44427,D-Link DIR-X3260 SetSysEmailSettings SMTPServerAddress Command Injection Remote Code Execution Vulnerability,"The identified vulnerability in the D-Link DIR-X3260 router arises from a flaw in the handling of HNAP requests by the prog.cgi component. This vulnerability allows network-adjacent attackers to exploit improper validation processes to inject commands and execute arbitrary code. Although authentication is typically required, attackers can bypass existing mechanisms, paving the way for potential exploitation. The vulnerability particularly affects the lighttpd web server listening on TCP ports 80 and 443, enabling heightened risks for unprotected networks, especially if the router is configured to an insecure state.",D-link,Dir-x3260,8,HIGH,0.000699999975040555,false,false,false,false,,false,false,2024-05-03T02:13:54.474Z,0 CVE-2023-44426,https://securityvulnerability.io/vulnerability/CVE-2023-44426,D-Link DIR-X3260 SetSysEmailSettings AccountPassword Command Injection Remote Code Execution Vulnerability,"The issue in D-Link DIR-X3260 routers arises from improper validation in the prog.cgi file, which processes HNAP requests. Attackers positioned on the same network can exploit this insufficient validation, enabling them to execute arbitrary code with root privileges. The vulnerability is particularly concerning since it allows for the bypassing of the existing authentication mechanisms, thereby increasing the risk of unauthorized access to sensitive system functions.",D-link,Dir-x3260,8,HIGH,0.000699999975040555,false,false,false,false,,false,false,2024-05-03T02:13:53.760Z,0 CVE-2023-44425,https://securityvulnerability.io/vulnerability/CVE-2023-44425,D-Link DIR-X3260 SetSysEmailSettings AccountName Command Injection Remote Code Execution Vulnerability,"A security vulnerability exists in the D-Link DIR-X3260 routers that allows for remote code execution through a command injection flaw. This vulnerability is exploitative even with authentication, as attackers are able to bypass the existing authentication mechanism. The flaw specifically impacts the prog.cgi component, which manages HNAP requests via the lighttpd web server on TCP ports 80 and 443. The lack of adequate validation on a user-supplied input string enables an attacker to execute arbitrary code with root privileges, leading to potential unauthorized access and control of the device.",D-link,Dir-x3260,8,HIGH,0.000699999975040555,false,false,false,false,,false,false,2024-05-03T02:13:52.992Z,0 CVE-2023-44424,https://securityvulnerability.io/vulnerability/CVE-2023-44424,EmailTo Command Injection Remote Code Execution Vulnerability,"The vulnerability in D-Link DIR-X3260 routers arises from command injection vulnerabilities within the SetSysEmailSettings functionality in prog.cgi. This flaw allows network-adjacent attackers with authentication privileges to execute arbitrary code, as the router fails to adequately validate user-supplied input before execution. The vulnerability can be exploited despite existing authentication controls, posing significant risks for users. The affected webserver, lighttpd, listens on TCP ports 80 and 443, enabling potential foundational breaches that compromise router integrity.",D-link,Dir-x3260,8,HIGH,0.000699999975040555,false,false,false,false,,false,false,2024-05-03T02:13:52.257Z,0 CVE-2023-44423,https://securityvulnerability.io/vulnerability/CVE-2023-44423,D-Link DIR-X3260 SetTriggerPPPoEValidate Password Command Injection Remote Code Execution Vulnerability,"A command injection vulnerability exists in D-Link DIR-X3260 routers, allowing network-adjacent attackers to execute arbitrary code on vulnerable installations. This issue arises from insufficient validation of user input in the prog.cgi program, which processes HNAP requests on the lighttpd web server. Although authentication is typically required, attackers can bypass this mechanism to gain unauthorized access. Successful exploitation enables them to run code with root privileges, posing significant security risks to affected network environments.",D-link,Dir-x3260,8,HIGH,0.000699999975040555,false,false,false,false,,false,false,2024-05-03T02:13:51.553Z,0 CVE-2023-44422,https://securityvulnerability.io/vulnerability/CVE-2023-44422,Email From Command Injection Remote Code Execution Vulnerability,"The D-Link DIR-X3260 router is vulnerable to a command injection flaw that allows network-adjacent attackers to execute arbitrary code. This vulnerability is associated with the prog.cgi program, which processes HNAP requests on the lighttpd webserver operating on TCP ports 80 and 443. The issue arises from inadequate validation of a user-supplied string within the execution of a system call, creating a pathway for attackers to bypass authentication mechanisms and gain root access. This vulnerability represents a significant risk to network security, as it can be exploited by unauthorized individuals to compromise the affected routers.",D-link,Dir-x3260,8,HIGH,0.000699999975040555,false,false,false,false,,false,false,2024-05-03T02:13:50.700Z,0 CVE-2023-44421,https://securityvulnerability.io/vulnerability/CVE-2023-44421,D-Link DIR-X3260 SetTriggerPPPoEValidate Username Command Injection Remote Code Execution Vulnerability,"A command injection vulnerability exists in D-Link DIR-X3260 routers within the prog.cgi program. This flaw arises from inadequate validation of user-supplied strings while handling HNAP requests on the lighttpd web server. Network-adjacent attackers can exploit this vulnerability to execute arbitrary code with root privileges, posing a significant risk to network security. Despite the need for authentication to exploit this vulnerability, attackers may find ways to bypass existing authentication mechanisms.",D-link,Dir-x3260,8,HIGH,0.000699999975040555,false,false,false,false,,false,false,2024-05-03T02:13:49.947Z,0 CVE-2023-44420,https://securityvulnerability.io/vulnerability/CVE-2023-44420,Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability,"The D-Link DIR-X3260 routers are affected by an authentication bypass vulnerability due to a flawed implementation of the authentication algorithm in the prog.cgi component. This flaw allows network-adjacent attackers to exploit the vulnerability without needing any prior authentication, potentially leading to unauthorized access to the affected device. Exploitation of this vulnerability could result in unauthorized control over the router and compromise the security of the network it supports. Users are urged to assess their configurations and implement defense measures to mitigate risks.",D-link,Dir-x3260,8.8,HIGH,0.0006500000017695129,false,false,false,false,,false,false,2024-05-03T02:13:49.140Z,0 CVE-2023-44419,https://securityvulnerability.io/vulnerability/CVE-2023-44419,Remote Code Execution Vulnerability in D-Link DIR-X3260 Routers,"A vulnerability exists in D-Link DIR-X3260 routers, originating from a flaw in the prog.cgi binary, which is responsible for processing HNAP requests on the lighttpd webserver. This flaw arises due to inadequate verification of the length of user-supplied input before it is copied to a fixed-length stack-based buffer. As a result, network-adjacent malicious actors can exploit this vulnerability to achieve remote code execution, gaining control over affected systems without the need for authentication. Users of these routers should be aware of this risk and ensure that their systems are updated with the latest security patches.",D-link,Dir-x3260,8.8,HIGH,0.0006500000017695129,false,false,false,false,,false,false,2024-05-03T02:13:48.424Z,0 CVE-2023-44418,https://securityvulnerability.io/vulnerability/CVE-2023-44418,Heap-based Buffer Overflow Remote Code Execution Vulnerability,"A vulnerability present in the D-Link DIR-X3260 routers involves a heap-based buffer overflow flaw found within the prog.cgi binary. This binary manages the handling of HNAP requests for the lighttpd webserver. Inadequate validation of user-supplied data lengths before copying them to a fixed-length heap-based buffer exposes a significant risk. Network-adjacent attackers can exploit this issue without requiring authentication, enabling arbitrary code execution in the context of root permissions. The existence of this vulnerability underlines the need for stringent input validation mechanisms to secure devices against unauthorized access.",D-link,Dir-x3260,8.8,HIGH,0.0006500000017695129,false,false,false,false,,false,false,2024-05-03T02:13:47.733Z,0 CVE-2023-35723,https://securityvulnerability.io/vulnerability/CVE-2023-35723,D-Link DIR-X3260 prog.cgi SOAPAction Command Injection Remote Code Execution Vulnerability,"A security vulnerability has been identified in D-Link DIR-X3260 routers, allowing potential exploitation by network-adjacent attackers. This flaw is related to the handling of the SOAPAction request header in the prog.cgi endpoint, where insufficient validation of a user-supplied string can lead to arbitrary code execution. An attacker with knowledge of this vulnerability can execute commands in the context of root, posing significant risks for the affected installations. No authentication is required to exploit this issue, making it critical for users to address this vulnerability promptly.",D-link,Dir-x3260,8.8,HIGH,0.0004900000058114529,false,false,false,false,,false,false,2024-05-03T01:57:43.492Z,0