D-Link DIR-2150 Firmware vulnerabilities
16 known vulnerabilities affecting dlink/dir-2150_firmware.
Total CVEs: 16
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 15, MEDIUM 1
Vulnerabilities
CVE-2024-5291 [HIGH] CVSS 8.8, CWE-78, v1.06b01, 2024-05-23
D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the SOAP API interface, which li
nvd
CVE-2023-34275 [HIGH] CVSS 8.0, CWE-78, fixed in 1.06, 2024-05-03
D-Link DIR-2150 SetNTPServerSettings Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The sp
nvd
CVE-2023-34279 [HIGH] CVSS 8.8, CWE-78, fixed in 1.06, 2024-05-03
D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the SOAP API interface, which
nvd
CVE-2023-34277 [HIGH] CVSS 8.0, CWE-78, fixed in 1.06, 2024-05-03
D-Link DIR-2150 SetSysEmailSettings AccountName Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypass
nvd
CVE-2023-34280 [HIGH] CVSS 8.0, CWE-78, fixed in 1.06, 2024-05-03
D-Link DIR-2150 SetSysEmailSettings EmailTo Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
nvd
CVE-2023-34274 [HIGH] CVSS 8.8, CWE-303, fixed in 1.06, 2024-05-03
D-Link DIR-2150 LoginPassword Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the SO
nvd
CVE-2023-34281 [HIGH] CVSS 8.0, CWE-78, fixed in 1.06, 2024-05-03
D-Link DIR-2150 GetFirmwareStatus Target Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
Th
nvd
CVE-2023-34282 [HIGH] CVSS 8.8, CWE-303, fixed in 1.06, 2024-05-03
D-Link DIR-2150 HNAP Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the SOAP API in
nvd
CVE-2023-34276 [HIGH] CVSS 8.0, CWE-78, fixed in 1.06, 2024-05-03
D-Link DIR-2150 SetTriggerPPPoEValidate Username Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypas
nvd
CVE-2023-34278 [HIGH] CVSS 8.0, CWE-78, fixed in 1.06, 2024-05-03
D-Link DIR-2150 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed
nvd
CVE-2024-0717 [MEDIUM] CVSS 5.3, CWE-200, ≤ 2024-01-12, 2024-01-19
A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530,
nvd
CVE-2022-3210 [HIGH] CVSS 8.8, CWE-78, ≤ 4.0.1, 2023-03-29
This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpd service, which listens on TCP port 4044 by default. The issue results from the lack of proper validation of
nvd
CVE-2022-40717 [HIGH] CVSS 8.8, CWE-121, ≤ 4.0.1, 2023-01-26
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue results from the lack of proper validation of the length o
nvd
CVE-2022-40719 [HIGH] CVSS 8.8, CWE-78, ≤ 4.0.1, 2023-01-26
This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpd_generic.lua plugin for the xupnpd service, which listens on TCP port 4044 by default. When parsing the fee
nvd
CVE-2022-40718 [HIGH] CVSS 8.8, CWE-121, ≤ 4.0.1, 2023-01-26
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue results from the lack of proper validation of the length o
nvd
CVE-2022-40720 [HIGH] CVSS 8.8, CWE-78, ≤ 4.0.1, 2023-01-26
This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Dreambox plugin for the xupnpd service, which listens on TCP port 4044 by default. The issue results from the lac
nvd