D-Link DAP-1325 Firmware Vulnerabilities

37 known vulnerabilities affecting dlink/dap-1325_firmware.

Total CVEs: 37
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 36, MEDIUM 1

Vulnerabilities

Page 1 of 2
CVE-2023-53896 | HIGH | CVSS 8.7 | v1.01 | 2025-12-16
CWE-306: D-Link DAP-1325 firmware version 1.01 contains a broken access control vulnerability that allows unauthenticated attackers to download device configuration settings without authentication. Attackers can exploit the /cgi-bin/ExportSettings.sh endpoint to retrieve sensitive configuration information by directly accessing the export settings script.
nvd
CVE-2023-44407 | HIGH | CVSS 8.8 | fixed in 1.09b03 | 2024-05-03
CWE-121: D-Link DAP-1325 SetAPLanSettings Gateway Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML
nvd
CVE-2023-41203 | HIGH | CVSS 8.8 | fixed in 1.09b03 | 2024-05-03
CWE-121: D-Link DAP-1325 SetAPLanSettings PrimaryDNS Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of
nvd
CVE-2023-41207 | HIGH | CVSS 8.8 | fixed in 1.09b03 | 2024-05-03
CWE-121: D-Link DAP-1325 SetHostIPv6StaticSettings StaticAddress Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the
nvd
CVE-2023-41214 | HIGH | CVSS 8.8 | fixed in 1.09b03 | 2024-05-03
CWE-121: D-Link DAP-1325 setDhcpAssignRangeUpdate lan_ipaddr Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the hand
nvd
CVE-2023-44403 | HIGH | CVSS 8.8 | fixed in 1.09b03 | 2024-05-03
CWE-78: D-Link DAP-1325 HNAP SetWLanRadioSettings Channel Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of a req
nvd
CVE-2023-41196 | HIGH | CVSS 8.8 | fixed in 1.09b03 | 2024-05-03
CWE-78: D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticAddress Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handli
nvd
CVE-2023-41213 | HIGH | CVSS 8.8 | fixed in 1.09b03 | 2024-05-03
CWE-121: D-Link DAP-1325 setDhcpAssignRangeUpdate lan_ipaddr Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the hand
nvd
CVE-2023-41189 | HIGH | CVSS 8.8 | fixed in 1.09b03 | 2024-05-03
CWE-78: D-Link DAP-1325 HNAP SetAPLanSettings Gateway Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of a request
nvd
CVE-2023-41197 | HIGH | CVSS 8.8 | fixed in 1.09b03 | 2024-05-03
CWE-78: D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticDefaultGateway Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the
nvd
CVE-2023-44408 | HIGH | CVSS 8.8 | fixed in 1.09b03 | 2024-05-03
CWE-121: D-Link DAP-1325 SetAPLanSettings IPAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML
nvd
CVE-2023-44404 | HIGH | CVSS 8.8 | fixed in 1.09b03 | 2024-05-03
CWE-121: D-Link DAP-1325 get_value_from_app Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data p
nvd
CVE-2023-44409 | HIGH | CVSS 8.8 | fixed in 1.09b03 | 2024-05-03
CWE-121: D-Link DAP-1325 SetSetupWizardStatus Enabled Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of
nvd
CVE-2023-41211 | HIGH | CVSS 8.8 | fixed in 1.09b03 | 2024-05-03
CWE-121: D-Link DAP-1325 SetHostIPv6StaticSettings StaticPrefixLength Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within
nvd
CVE-2023-41187 | HIGH | CVSS 8.8 | fixed in 1.09b03 | 2024-05-03
CWE-306: D-Link DAP-1325 HNAP Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the HNAP interface. The
nvd
CVE-2023-41194 | HIGH | CVSS 8.8 | fixed in 1.09b03 | 2024-05-03
CWE-78: D-Link DAP-1325 HNAP SetAPLanSettings SubnetMask Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of a requ
nvd
CVE-2023-44406 | HIGH | CVSS 8.8 | fixed in 1.09b03 | 2024-05-03
CWE-121: D-Link DAP-1325 SetAPLanSettings DeviceName Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of
nvd
CVE-2023-41209 | HIGH | CVSS 8.8 | fixed in 1.09b03 | 2024-05-03
CWE-121: D-Link DAP-1325 SetHostIPv6StaticSettings StaticDNS1 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the han
nvd
CVE-2023-41198 | HIGH | CVSS 8.8 | fixed in 1.09b03 | 2024-05-03
CWE-78: D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticDNS1 Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling
nvd
CVE-2023-41193 | HIGH | CVSS 8.8 | fixed in 1.09b03 | 2024-05-03
CWE-78: D-Link DAP-1325 HNAP SetAPLanSettings SecondaryDNS Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of a re
nvd