D-Link DIR-2640 Firmware vulnerabilities
9 known vulnerabilities affecting dlink/dir-2640_firmware.
Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 6
Vulnerabilities
CVE-2024-5293 | HIGH | CVSS 8.8 | CWE-121 | v1.11b02 | 2024-05-23
D-Link DIR-2640 HTTP Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640-US routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within prog.cgi, which handles HNAP r
nvd
CVE-2023-32149 | HIGH | CVSS 8.8 | CWE-121 | v1.11b02 | 2024-05-03
D-Link DIR-2640 prog.cgi Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the web management
nvd
CVE-2023-32147 | MEDIUM | CVSS 6.8 | CWE-78 | v1.11b02 | 2024-05-03
D-Link DIR-2640 LocalIPAddress Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specif
nvd
CVE-2023-32151 | MEDIUM | CVSS 6.8 | CWE-78 | v1.11b02 | 2024-05-03
D-Link DIR-2640 DestNetwork Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific
nvd
CVE-2023-32153 | MEDIUM | CVSS 6.8 | CWE-78 | v1.11b02 | 2024-05-03
D-Link DIR-2640 EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific fla
nvd
CVE-2023-32148 | MEDIUM | CVSS 6.5 | CWE-303 | v1.11b02 | 2024-05-03
D-Link DIR-2640 HNAP PrivateLogin Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2640 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the web management interface, which listens on TCP po
nvd
CVE-2023-32152 | MEDIUM | CVSS 6.5 | CWE-303 | v1.11b02 | 2024-05-03
D-Link DIR-2640 HNAP LoginPassword Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2640 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the web management interface, which listens on TCP p
nvd
CVE-2023-32150 | MEDIUM | CVSS 6.8 | CWE-78 | v1.11b02 | 2024-05-03
D-Link DIR-2640 PrefixLen Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific fla
nvd
CVE-2022-1262 | HIGH | CVSS 7.8 | CWE-78 | v1.11b02, v1.01b04 | 2022-04-11
A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root.
nvd