D-Link DIR-845L Firmware vulnerabilities

9 known vulnerabilities affecting dlink/dir-845l_firmware.

Total CVEs: 9
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 2, MEDIUM 2

Vulnerabilities

CVE-2024-33110 | CRITICAL | CVSS 9.1 | ≤ 1.01krb03 | 2024-05-06
CWE-287: D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Permission Bypass via the getcfg.php component.
Source: nvd

CVE-2024-33112 | HIGH | CVSS 7.5 | ≤ 1.01krb03 | 2024-05-06
CWE-78: D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Command injection via the hnap_main() function.
Source: nvd

CVE-2024-33111 | MEDIUM | CVSS 5.4 | ≤ 1.01krb03 | 2024-05-06
CWE-79: D-Link DIR-845L router <=v1.01KRb03 is vulnerable to Cross Site Scripting (XSS) via /htdocs/webinc/js/bsc_sms_inbox.php.
Source: nvd

CVE-2024-33113 | MEDIUM | CVSS 5.3 | PoC | ≤ 1.01krb03 | 2024-05-06
CWE-77: D-LINK DIR-845L <=v1.01KRb03 is vulnerable to Information disclosure via bsc_sms_inbox.php.
Source: nvd

CVE-2024-29385 | CRITICAL | CVSS 9.0 | ≤ 1.01krb03 | 2024-03-22
CWE-77: DIR-845L router <= v1.01KRb03 has an Unauthenticated remote code execution vulnerability in the cgibin binary via the soapcgi_main function.
Source: nvd

CVE-2024-29366 | HIGH | CVSS 8.8 | ≤ 1.01krb03 | 2024-03-22
CWE-77: A command injection vulnerability exists in the cgibin binary in DIR-845L router firmware <= v1.01KRb03.
Source: nvd

CVE-2022-38557 | CRITICAL | CVSS 9.8 | ≥ 1.0.0, ≤ 1.0.3 | 2022-08-28
CWE-287: D-Link DIR845L v1.00-v1.03 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh.
Source: nvd

CVE-2022-36755 | CRITICAL | CVSS 9.8 | ≥ 1.0.0, ≤ 1.0.3 | 2022-08-28
CWE-287: D-Link DIR845L A1 contains an authentication vulnerability via an AUTHORIZED_GROUP=1 value, as demonstrated by a request for getcfg.php.
Source: nvd

CVE-2022-36756 | CRITICAL | CVSS 9.8 | ≥ 1.0.0, ≤ 1.0.3 | 2022-08-28
CWE-94: DIR845L A1 v1.00-v1.03 is vulnerable to command injection via /htdocs/upnpinc/gena.php.
Source: nvd