Dlink Dir-823G Firmware vulnerabilities
57 known vulnerabilities affecting dlink/dir-823g_firmware.
Total CVEs
57
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL13HIGH32MEDIUM12
Vulnerabilities
Page 3 of 3
CVE-2022-44201CRITICALCVSS 9.8v1.02b052022-11-22
CVE-2022-44201 [CRITICAL] CWE-78 CVE-2022-44201: D-Link DIR823G 1.02B05 is vulnerable to Commad Injection.
D-Link DIR823G 1.02B05 is vulnerable to Commad Injection.
nvd
CVE-2022-43109CRITICALCVSS 9.8v1.0.22022-11-03
CVE-2022-43109 [CRITICAL] CWE-77 CVE-2022-43109: D-Link DIR-823G v1.0.2 was found to contain a command injection vulnerability in the function SetNet
D-Link DIR-823G v1.0.2 was found to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via a crafted packet.
nvd
CVE-2021-43474CRITICALCVSS 9.8v1.02b052022-04-07
CVE-2021-43474 [CRITICAL] CWE-77 CVE-2021-43474: An Access Control vulnerability exists in D-Link DIR-823G REVA1 1.02B05 (Lastest) via any parameter
An Access Control vulnerability exists in D-Link DIR-823G REVA1 1.02B05 (Lastest) via any parameter in the HNAP1 function
nvd
CVE-2020-25367CRITICALCVSS 9.8v1.0.2b052021-11-04
CVE-2020-25367 [CRITICAL] CWE-78 CVE-2020-25367: A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices wi
A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the Captcha field to Login.
nvd
CVE-2020-25368CRITICALCVSS 9.8v1.02b052021-11-04
CVE-2020-25368 [CRITICAL] CWE-78 CVE-2020-25368: A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices wi
A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the PrivateLogin field to Login.
nvd
CVE-2020-25366CRITICALCVSS 9.1v1.02b052021-11-04
CVE-2020-25366 [CRITICAL] CWE-862 CVE-2020-25366: An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attac
An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attackers to cause a denial of service (DoS) via unspecified vectors.
nvd
CVE-2019-15526HIGHCVSS 8.8v1.0.2b052019-08-23
CVE-2019-15526 [HIGH] CVE-2019-15526: An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injec
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings, a related issue to CVE-2019-13482.
nvd
CVE-2019-15530HIGHCVSS 8.8v1.0.2b052019-08-23
CVE-2019-15530 [HIGH] CWE-78 CVE-2019-15530: An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injec
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the LoginPassword field to Login.
nvd
CVE-2019-15527HIGHCVSS 8.8v1.0.2b052019-08-23
CVE-2019-15527 [HIGH] CWE-78 CVE-2019-15527: An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injec
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the MaxIdTime field to SetWanSettings.
nvd
CVE-2019-15529HIGHCVSS 8.8v1.0.2b052019-08-23
CVE-2019-15529 [HIGH] CWE-78 CVE-2019-15529: An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injec
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Username field to Login.
nvd
CVE-2019-15528HIGHCVSS 8.8v1.0.2b052019-08-23
CVE-2019-15528 [HIGH] CWE-78 CVE-2019-15528: An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injec
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Interface field to SetStaticRouteSettings.
nvd
CVE-2019-13128HIGHCVSS 8.8v1.02b032019-07-01
CVE-2019-13128 [HIGH] CWE-78 CVE-2019-13128: An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is a command injecti
An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the IPAddress or Gateway field to SetStaticRouteSettings.
nvd
CVE-2019-8392HIGHCVSS 7.5v1.02b032019-02-17
CVE-2019-8392 [HIGH] CVE-2019-8392: An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access
An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to enable Guest Wi-Fi via the SetWLanRadioSettings HNAP API to the web service provided by /bin/goahead.
nvd
CVE-2019-7388HIGHCVSS 7.5v1.02b032019-02-05
CVE-2019-7388 [HIGH] CWE-200 CVE-2019-7388: An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is i
An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to get sensitive information (such as MAC address) about all clients in the WLAN via the GetClientInfo HNAP API. Consequently, an attacker can achieve information disclosure without authentication.
nvd
CVE-2019-7390HIGHCVSS 8.6v1.02b032019-02-05
CVE-2019-7390 [HIGH] CWE-306 CVE-2019-7390: An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is i
An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to hijack the DNS service configuration of all clients in the WLAN, without authentication, via the SetWanSettings HNAP API.
nvd
CVE-2019-7389HIGHCVSS 7.5v1.02b032019-02-05
CVE-2019-7389 [HIGH] CWE-306 CVE-2019-7389: An issue was discovered in /bin/goahead on D-Link DIR-823G devices with the firmware 1.02B03. There
An issue was discovered in /bin/goahead on D-Link DIR-823G devices with the firmware 1.02B03. There is incorrect access control allowing remote attackers to reset the router without authentication via the SetFactoryDefault HNAP API. Consequently, an attacker can achieve a denial-of-service attack without authentication.
nvd
CVE-2019-7298HIGHCVSS 8.1≤ 1.02b032019-02-01
CVE-2019-7298 [HIGH] CWE-78 CVE-2019-7298: An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injectio
An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body, such as a body of ' /bin/telnetd' for
nvd
← Previous3 / 3