D-Link Dir-822 Firmware vulnerabilities

5 known vulnerabilities affecting d-link/dir-822_firmware.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
1
Severity breakdown
CRITICAL5

Vulnerabilities

Page 1 of 1
CVE-2019-6258CRITICALCVSS 9.8≤ 2.02krb062020-08-18
CVE-2019-6258 [CRITICAL] CWE-120 CVE-2019-6258: D-Link DIR-822 Rev.Bx devices with firmware v.202KRb06 and older allow a buffer overflow via long Ma D-Link DIR-822 Rev.Bx devices with firmware v.202KRb06 and older allow a buffer overflow via long MacAddress data in a /HNAP1/SetClientInfo HNAP protocol message, which is mishandled in /usr/sbin/udhcpd during reading of the /var/servd/LAN-1-udhcpd.conf file.
nvd
CVE-2018-19986CRITICALCVSS 9.8Exploitedv202krb062019-05-13
CVE-2018-19986 [CRITICAL] CWE-78 CVE-2018-19986: In the /HNAP1/SetRouterSettings message, the RemotePort parameter is vulnerable, and the vulnerabili In the /HNAP1/SetRouterSettings message, the RemotePort parameter is vulnerable, and the vulnerability affects D-Link DIR-818LW Rev.A 2.05.B03 and DIR-822 B1 202KRb06 devices. In the SetRouterSettings.php source code, the RemotePort parameter is saved in the $path_inf_wan1."/web" internal configuration memory without any regex checking. And in the
nvd
CVE-2018-19990CRITICALCVSS 9.8v202krb062019-05-13
CVE-2018-19990 [CRITICAL] CWE-78 CVE-2018-19990: In the /HNAP1/SetWiFiVerifyAlpha message, the WPSPIN parameter is vulnerable, and the vulnerability In the /HNAP1/SetWiFiVerifyAlpha message, the WPSPIN parameter is vulnerable, and the vulnerability affects D-Link DIR-822 B1 202KRb06 devices. In the SetWiFiVerifyAlpha.php source code, the WPSPIN parameter is saved in the $rphyinf1."/media/wps/enrollee/pin" and $rphyinf2."/media/wps/enrollee/pin" and $rphyinf3."/media/wps/enrollee/pin" internal co
nvd
CVE-2018-19989CRITICALCVSS 9.8v202krb062019-05-13
CVE-2018-19989 [CRITICAL] CWE-78 CVE-2018-19989: In the /HNAP1/SetQoSSettings message, the uplink parameter is vulnerable, and the vulnerability affe In the /HNAP1/SetQoSSettings message, the uplink parameter is vulnerable, and the vulnerability affects D-Link DIR-822 Rev.B 202KRb06 and DIR-822 Rev.C 3.10B06 devices. In the SetQoSSettings.php source code, the uplink parameter is saved in the /bwc/entry:1/bandwidth and /bwc/entry:2/bandwidth internal configuration memory without any regex checkin
nvd
CVE-2018-19987CRITICALCVSS 9.8v202krb062019-05-13
CVE-2018-19987 [CRITICAL] CWE-78 CVE-2018-19987: D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B0 D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA devices mishandle IsAccessPoint in /HNAP1/SetAccessPointMode. In the SetAccessPointMode.php source code, the IsAccessPoint parameter is saved in the ShellPath script file without
nvd