D-Link DAP-2020 Firmware vulnerabilities

18 known vulnerabilities affecting dlink/dap-2020_firmware.

Total CVEs: 18
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 15, MEDIUM 3

Vulnerabilities

CVE-2023-32145 | HIGH | CVSS 8.8 | fixed in 1.03rc004 | 2024-05-03
CWE-259: D-Link DAP-1360 Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of login requests to the web-based u
nvd
CVE-2023-32140 | HIGH | CVSS 7.5 | fixed in 1.03rc004 | 2024-05-03
CWE-122: D-Link DAP-1360 webproc var:sys_Token Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests t
nvd
CVE-2023-32142 | HIGH | CVSS 8.8 | fixed in 1.03rc004 | 2024-05-03
CWE-121: D-Link DAP-1360 webproc var:page Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to
nvd
CVE-2023-32138 | HIGH | CVSS 8.8 | fixed in 1.03rc004 | 2024-05-03
CWE-122: D-Link DAP-1360 webproc Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-
nvd
CVE-2023-32139 | HIGH | CVSS 8.8 | fixed in 1.03rc004 | 2024-05-03
CWE-121: D-Link DAP-1360 webproc Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bi
nvd
CVE-2023-32141 | HIGH | CVSS 8.8 | fixed in 1.03rc004 | 2024-05-03
CWE-121: D-Link DAP-1360 webproc WEB_DisplayPage Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requ
nvd
CVE-2023-32144 | HIGH | CVSS 8.8 | fixed in 1.03rc004 | 2024-05-03
CWE-121: D-Link DAP-1360 webproc COMM_MakeCustomMsg Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of r
nvd
CVE-2023-32136 | HIGH | CVSS 8.8 | fixed in 1.03rc004 | 2024-05-03
CWE-121: D-Link DAP-1360 webproc var:menu Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to th
nvd
CVE-2023-32146 | HIGH | CVSS 8.8 | fixed in 1.03rc004 | 2024-05-03
CWE-121: D-Link DAP-1360 Multiple Parameters Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /cgi-bin/webproc end
nvd
CVE-2023-32143 | HIGH | CVSS 8.8 | fixed in 1.03rc004 | 2024-05-03
CWE-197: D-Link DAP-1360 webupg UPGCGI_CheckAuth Numeric Truncation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to t
nvd
CVE-2023-32137 | MEDIUM | CVSS 6.5 | fixed in 1.03rc004 | 2024-05-03
CWE-22: D-Link DAP-1360 webproc WEB_DisplayPage Directory Traversal Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of re
nvd
CVE-2021-34862 | HIGH | CVSS 8.8 | ≤ 1.01 | 2021-10-25
CWE-121: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the var:menu parameter provided to the webproc endpoint. The issue results from the lack of proper v
nvd
CVE-2021-34861 | HIGH | CVSS 8.8 | ≤ 1.01 | 2021-10-25
CWE-121: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the webproc endpoint, which listens on TCP port 80 by default. The issue results from the lack of proper validation
nvd
CVE-2021-34863 | HIGH | CVSS 8.8 | ≤ 1.01 | 2021-10-25
CWE-121: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the var:page parameter provided to the webproc endpoint. The issue results from the lack of proper v
nvd
CVE-2021-34860 | MEDIUM | CVSS 6.5 | ≤ 1.01 | 2021-10-25
CWE-22: This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the getpage parameter provided to the webproc endpoint. The issue results from the lack of
nvd
CVE-2021-27249 | HIGH | CVSS 8.8 | v1.01 | 2021-04-14
CWE-78: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. The issue results from the lack of proper validation of a user-supplied s
nvd
CVE-2021-27248 | HIGH | CVSS 8.8 | v1.01 | 2021-04-14
CWE-121: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the getpage parameter, the process does not properly valida
nvd
CVE-2021-27250 | MEDIUM | CVSS 6.5 | v1.01 | 2021-04-14
CWE-73: This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the errorpage request parameter, the process does
nvd