cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-41140,https://securityvulnerability.io/vulnerability/CVE-2022-41140,Arbitrary Code Execution in D-Link Routers via Lighttpd Service,"This vulnerability in multiple D-Link routers allows attackers situated on the same network to execute arbitrary code without requiring authentication. The flaw is rooted in the lighttpd service, which operates on TCP port 80, where improper validation of incoming data length facilitates the copying of data into a fixed-length buffer. This insufficient validation enables attackers to manipulate the system, potentially executing code with root privileges. Immediate action is recommended to secure affected routers against this exploit.",D-link,Multiple Routers,8.8,HIGH,0.0010100000072270632,false,,false,false,false,,,false,false,,2023-01-26T00:00:00.000Z,0
CVE-2020-27862,https://securityvulnerability.io/vulnerability/CVE-2020-27862,Remote Code Execution Vulnerability in D-Link Routers,"This vulnerability permits attackers on the same network to execute arbitrary code on the D-Link DVA-2800 and DSL-2888A routers without requiring authentication. The flaw resides within the dhttpd service, which listens on TCP port 8008 by default. The service fails to validate user-supplied strings adequately when parsing the path parameter, enabling an attacker to manipulate the execution of a system call and potentially gain access to sensitive functionalities of the web server.",D-link,Multiple Routers,8.8,HIGH,0.003809999907389283,false,,false,false,false,,,false,false,,2021-02-12T00:15:00.000Z,0
CVE-2020-27863,https://securityvulnerability.io/vulnerability/CVE-2020-27863,Information Disclosure Vulnerability in D-Link DVA-2800 and DSL-2888A Routers,"An information disclosure vulnerability exists in D-Link DVA-2800 and DSL-2888A routers due to improper string matching logic in the dhttpd service running on TCP port 8008. This flaw allows network-adjacent attackers to access sensitive data without authentication, potentially revealing stored credentials and increasing the risk of further compromise. Users are advised to update their devices and strengthen security configurations to mitigate the risk associated with this vulnerability.",D-link,Multiple Routers,6.5,MEDIUM,0.0031799999997019768,false,,false,false,false,,,false,false,,2021-02-12T00:15:00.000Z,0
CVE-2020-15633,https://securityvulnerability.io/vulnerability/CVE-2020-15633,Authentication Bypass Vulnerability in D-Link Routers,"This vulnerability affects D-Link DIR-867, DIR-878, and DIR-882 routers, allowing network-adjacent attackers to bypass authentication due to improper handling of HNAP requests. The flaw arises from incorrect string matching logic, enabling unauthorized access to protected pages. An attacker can exploit this vulnerability to escalate privileges and execute arbitrary code within the router's context.",D-link,Multiple Routers,8.8,HIGH,0.0013500000350177288,false,,false,false,false,,,false,false,,2020-07-23T20:45:18.000Z,0
CVE-2020-8863,https://securityvulnerability.io/vulnerability/CVE-2020-8863,"Authentication Bypass Vulnerability in D-Link DIR-867, DIR-878, and DIR-882 Routers","This vulnerability enables attackers on the same network to bypass authentication in D-Link DIR-867, DIR-878, and DIR-882 routers, specifically those running firmware version 1.10B04. The flaw resides in the improper handling of HNAP login requests, leading to an unforeseen lack of necessary authentication. Consequently, attackers can exploit this weakness to escalate privileges and execute arbitrary code within the affected router's context, posing significant risks to network integrity and security.",D-link,Multiple Routers,8.8,HIGH,0.0020200000144541264,false,,false,false,false,,,false,false,,2020-03-23T20:25:23.000Z,0
CVE-2020-8864,https://securityvulnerability.io/vulnerability/CVE-2020-8864,Authentication Bypass in D-Link Routers Leading to Arbitrary Code Execution,"This vulnerability enables network-adjacent attackers to bypass authentication on specific D-Link router models, including DIR-867, DIR-878, and DIR-882, running firmware version 1.10B04. The flaw arises from improper handling of empty passwords within the HNAP login request process. As a result, attackers can exploit this vulnerability to execute arbitrary code on the affected routers, potentially compromising the device's functionality and user data. Reference information can be found on the Zero Day Initiative's advisory page and D-Link's support announcement.",D-link,Multiple Routers,8.8,HIGH,0.7901399731636047,false,,false,false,false,,,false,false,,2020-03-23T20:25:23.000Z,0