D-Link G416 vulnerabilities

CVE-2024-6045 [HIGH] CWE-798 CVE-2024-6045: Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthent Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the firmware.

CVE-2024-6044 [MEDIUM] CWE-22 CVE-2024-6044: Certain models of D-Link wireless routers have a path traversal vulnerability. Unauthenticated attac Certain models of D-Link wireless routers have a path traversal vulnerability. Unauthenticated attackers on the same local area network can read arbitrary system files by manipulating the URL.

CVE-2024-5295 [HIGH] CWE-78 CVE-2024-5295: D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability. This vulnerability all D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. Th

CVE-2023-50217 [HIGH] CWE-78 CVE-2023-50217: D-Link G416 awsfile rm Command Injection Remote Code Execution Vulnerability. This vulnerability all D-Link G416 awsfile rm Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue

CVE-2023-50201 [HIGH] CWE-78 CVE-2023-50201: D-Link G416 cfgsave upusb Command Injection Remote Code Execution Vulnerability. This vulnerability D-Link G416 cfgsave upusb Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The iss

CVE-2023-50211 [HIGH] CWE-121 CVE-2023-50211: D-Link G416 httpd API-AUTH Timestamp Processing Stack-based Buffer Overflow Remote Code Execution Vu D-Link G416 httpd API-AUTH Timestamp Processing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service

CVE-2023-50210 [HIGH] CWE-121 CVE-2023-50210: D-Link G416 httpd API-AUTH Digest Processing Stack-based Buffer Overflow Remote Code Execution Vulne D-Link G416 httpd API-AUTH Digest Processing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service li

CVE-2023-50200 [HIGH] CWE-78 CVE-2023-50200: D-Link G416 cfgsave backusb Command Injection Remote Code Execution Vulnerability. This vulnerabilit D-Link G416 cfgsave backusb Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The

CVE-2023-50209 [HIGH] CWE-121 CVE-2023-50209: D-Link G416 cfgsave Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerabil D-Link G416 cfgsave Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP p

CVE-2023-50216 [HIGH] CWE-78 CVE-2023-50216: D-Link G416 awsfile tar File Handling Command Injection Remote Code Execution Vulnerability. This vu D-Link G416 awsfile tar File Handling Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP por

CVE-2023-50203 [HIGH] CWE-78 CVE-2023-50203: D-Link G416 nodered chmod Command Injection Remote Code Execution Vulnerability. This vulnerability D-Link G416 nodered chmod Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The iss

CVE-2023-50205 [HIGH] CWE-78 CVE-2023-50205: D-Link G416 awsfile chmod Command Injection Remote Code Execution Vulnerability. This vulnerability D-Link G416 awsfile chmod Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The iss

CVE-2023-50198 [HIGH] CWE-78 CVE-2023-50198: D-Link G416 cfgsave Command Injection Remote Code Execution Vulnerability. This vulnerability allows D-Link G416 cfgsave Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The

CVE-2023-50213 [HIGH] CWE-78 CVE-2023-50213: D-Link G416 nodered File Handling Command Injection Remote Code Execution Vulnerability. This vulner D-Link G416 nodered File Handling Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80

CVE-2023-50204 [HIGH] CWE-78 CVE-2023-50204: D-Link G416 flupl pythonapp Command Injection Remote Code Execution Vulnerability. This vulnerabilit D-Link G416 flupl pythonapp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port

CVE-2023-50207 [HIGH] CWE-78 CVE-2023-50207: D-Link G416 flupl filename Command Injection Remote Code Execution Vulnerability. This vulnerability D-Link G416 flupl filename Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The i

CVE-2023-50208 [HIGH] CWE-121 CVE-2023-50208: D-Link G416 ovpncfg Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerabil D-Link G416 ovpncfg Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. T

CVE-2023-50199 [HIGH] CWE-306 CVE-2023-50199: D-Link G416 httpd Missing Authentication for Critical Function Remote Code Execution Vulnerability. D-Link G416 httpd Missing Authentication for Critical Function Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on T

CVE-2023-50214 [HIGH] CWE-78 CVE-2023-50214: D-Link G416 nodered tar File Handling Command Injection Remote Code Execution Vulnerability. This vu D-Link G416 nodered tar File Handling Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP por

CVE-2023-50215 [HIGH] CWE-78 CVE-2023-50215: D-Link G416 nodered gz File Handling Command Injection Remote Code Execution Vulnerability. This vul D-Link G416 nodered gz File Handling Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port