D-Link Dir-878 Firmware vulnerabilities
3 known vulnerabilities affecting d-link/dir-878_firmware.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1
Vulnerabilities
Page 1 of 1
CVE-2020-15633HIGHCVSS 8.8≤ 1.20b052020-07-23
CVE-2020-15633 [HIGH] CWE-288 CVE-2020-15633: This vulnerability allows network-adjacent attackers to bypass authentication on affected installati
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.20B10_BETA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP requests. The issue results from incorrect string matching
nvd
CVE-2019-9124CRITICALCVSS 9.8v1.12b012019-02-25
CVE-2019-9124 [CRITICAL] CWE-287 CVE-2019-9124: An issue was discovered on D-Link DIR-878 1.12B01 devices. At the /HNAP1 URI, an attacker can log in
An issue was discovered on D-Link DIR-878 1.12B01 devices. At the /HNAP1 URI, an attacker can log in with a blank password.
nvd
CVE-2019-9125CRITICALCVSS 9.8v1.12b012019-02-25
CVE-2019-9125 [CRITICAL] CWE-306 CVE-2019-9125: An issue was discovered on D-Link DIR-878 1.12B01 devices. Because strncpy is misused, there is a st
An issue was discovered on D-Link DIR-878 1.12B01 devices. Because strncpy is misused, there is a stack-based buffer overflow vulnerability that does not require authentication via the HNAP_AUTH HTTP header.
nvd