Search criteria
22 vulnerabilities found for di-7100g_firmware by dlink
CVE-2025-57636 (GCVE-0-2025-57636)
Vulnerability from nvd – Published: 2025-09-23 00:00 – Updated: 2025-09-24 18:41
VLAI?
Summary
OS Command injection vulnerability in D-Link C1 2020-02-21. The sub_47F028 function in jhttpd contains a command injection vulnerability via the HTTP parameter "time".
Severity ?
6.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-57636",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T18:40:50.320423Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T18:41:19.828Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS Command injection vulnerability in D-Link C1 2020-02-21. The sub_47F028 function in jhttpd contains a command injection vulnerability via the HTTP parameter \"time\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T19:30:04.847Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"url": "https://github.com/glkfc/IoT-Vulnerability/blob/main/D-Link/Dlink_1.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-57636",
"datePublished": "2025-09-23T00:00:00.000Z",
"dateReserved": "2025-08-17T00:00:00.000Z",
"dateUpdated": "2025-09-24T18:41:19.828Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-57637 (GCVE-0-2025-57637)
Vulnerability from nvd – Published: 2025-09-23 00:00 – Updated: 2025-09-24 18:39
VLAI?
Summary
Buffer overflow vulnerability in D-Link DI-7100G 2020-02-21 in the sub_451754 function of the jhttpd service in the viav4 parameter allowing attackers to cause a denial of service or execute arbitrary code.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-57637",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T18:38:33.729073Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T18:39:03.567Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow vulnerability in D-Link DI-7100G 2020-02-21 in the sub_451754 function of the jhttpd service in the viav4 parameter allowing attackers to cause a denial of service or execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T18:44:28.882Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"url": "https://github.com/glkfc/IoT-Vulnerability/blob/main/D-Link/Dlink_2.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-57637",
"datePublished": "2025-09-23T00:00:00.000Z",
"dateReserved": "2025-08-17T00:00:00.000Z",
"dateUpdated": "2025-09-24T18:39:03.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45580 (GCVE-0-2023-45580)
Vulnerability from nvd – Published: 2023-10-16 00:00 – Updated: 2024-10-16 15:01
VLAI?
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wild/mx and other parameters of the ddns.asp function
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug6.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45580",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T17:19:03.398661Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T15:01:53.780Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wild/mx and other parameters of the ddns.asp function"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-19T21:06:46.625577",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug6.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45580",
"datePublished": "2023-10-16T00:00:00",
"dateReserved": "2023-10-09T00:00:00",
"dateUpdated": "2024-10-16T15:01:53.780Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45579 (GCVE-0-2023-45579)
Vulnerability from nvd – Published: 2023-10-16 00:00 – Updated: 2024-09-18 13:55
VLAI?
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the ip/type parameter of the jingx.asp function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.625Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug8.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:d-link:di-7003gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7003gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThan": "23.08.25D1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-700g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-700g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThan": "23.08.23D1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7100g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100g.v2.d1",
"vendor": "d-link",
"versions": [
{
"status": "affected",
"version": "23.08.23D1,"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThan": "23.08.23D1,",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200gv2.e1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200gv2.e1",
"vendor": "d-link",
"versions": [
{
"lessThan": "23.08.23E1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7300g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7300g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"status": "affected",
"version": "23.08.23D1"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7400g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7400g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThan": "23.08.23D1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45579",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T13:23:37.447332Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T13:55:41.402Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the ip/type parameter of the jingx.asp function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T19:34:20.604248",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug8.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45579",
"datePublished": "2023-10-16T00:00:00",
"dateReserved": "2023-10-09T00:00:00",
"dateUpdated": "2024-09-18T13:55:41.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45578 (GCVE-0-2023-45578)
Vulnerability from nvd – Published: 2023-10-16 00:00 – Updated: 2024-09-18 14:16
VLAI?
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the pap_en/chap_en parameter of the pppoe_base.asp function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.497Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug4.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:d-link:di-7003gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7003gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.25d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7100g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:d-link:di-7100gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:d-link:di-7200g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:d-link:di-7200gv2.e1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200gv2.e1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23e1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:d-link:di-7300g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7300g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7400g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7400g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45578",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T14:10:47.032855Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T14:16:25.708Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the pap_en/chap_en parameter of the pppoe_base.asp function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T19:22:48.996130",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug4.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45578",
"datePublished": "2023-10-16T00:00:00",
"dateReserved": "2023-10-09T00:00:00",
"dateUpdated": "2024-09-18T14:16:25.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45577 (GCVE-0-2023-45577)
Vulnerability from nvd – Published: 2023-10-16 00:00 – Updated: 2024-09-18 16:10
VLAI?
Summary
Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wanid parameter of the H5/speedlimit.data function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.742Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug9.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:d-link:di-7003gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7003gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "v.23.08.25d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:d-link:di-7200g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "v.23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:d-link:di-7100gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "v.23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:d-link:di-7200g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "v.23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200gv2.e1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200gv2.e1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "v.23.08.23e1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:d-link:di-7300g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7300g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "v.23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7400g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7400g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "v.23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45577",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T16:05:14.060563Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T16:10:57.416Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wanid parameter of the H5/speedlimit.data function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T18:53:01.094984",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug9.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45577",
"datePublished": "2023-10-16T00:00:00",
"dateReserved": "2023-10-09T00:00:00",
"dateUpdated": "2024-09-18T16:10:57.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45576 (GCVE-0-2023-45576)
Vulnerability from nvd – Published: 2023-10-16 00:00 – Updated: 2024-09-17 19:05
VLAI?
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the remove_ext_proto/remove_ext_port parameter of the upnp_ctrl.asp function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug3.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:d-link:di-7003gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7003gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.25d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7100gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200gv2.e1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200gv2.e1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23e1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7300g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7300g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7400g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7400g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45576",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T18:39:19.511593Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T19:05:48.866Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the remove_ext_proto/remove_ext_port parameter of the upnp_ctrl.asp function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T19:03:19.724593",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug3.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45576",
"datePublished": "2023-10-16T00:00:00",
"dateReserved": "2023-10-09T00:00:00",
"dateUpdated": "2024-09-17T19:05:48.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45575 (GCVE-0-2023-45575)
Vulnerability from nvd – Published: 2023-10-16 00:00 – Updated: 2024-09-17 19:28
VLAI?
Summary
Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the ip parameter of the ip_position.asp function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug5.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:d-link:di-7003gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7003gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.25d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7100g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7100gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200gv2.e1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200gv2.e1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23e1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7300g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7300g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7400g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7400g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45575",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T19:22:42.549572Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T19:28:16.423Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the ip parameter of the ip_position.asp function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T18:45:00.944649",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug5.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45575",
"datePublished": "2023-10-16T00:00:00",
"dateReserved": "2023-10-09T00:00:00",
"dateUpdated": "2024-09-17T19:28:16.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45574 (GCVE-0-2023-45574)
Vulnerability from nvd – Published: 2023-10-16 00:00 – Updated: 2024-09-17 19:35
VLAI?
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the file.data function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug2.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:d-link:di-7003gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7003gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.25d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7100g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7100gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200gv2.e1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200gv2.e1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23e1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7300g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7300g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7400g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7400g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45574",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T19:31:34.936258Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T19:35:48.621Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the file.data function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T19:18:11.333633",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug2.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45574",
"datePublished": "2023-10-16T00:00:00",
"dateReserved": "2023-10-09T00:00:00",
"dateUpdated": "2024-09-17T19:35:48.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45573 (GCVE-0-2023-45573)
Vulnerability from nvd – Published: 2023-10-16 00:00 – Updated: 2024-09-17 19:39
VLAI?
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the n parameter of the mrclfile_del.asp function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug7.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:d-link:di-7003gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7003gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.25d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7100g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7100gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200gv2.e1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200gv2.e1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23e1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7300g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7300g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7400g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7400g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45573",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T19:36:09.770808Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T19:39:42.655Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the n parameter of the mrclfile_del.asp function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-19T21:01:57.752094",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug7.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45573",
"datePublished": "2023-10-16T00:00:00",
"dateReserved": "2023-10-09T00:00:00",
"dateUpdated": "2024-09-17T19:39:42.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45572 (GCVE-0-2023-45572)
Vulnerability from nvd – Published: 2023-10-16 00:00 – Updated: 2024-08-02 20:21
VLAI?
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the tgfile.htm function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug1.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the tgfile.htm function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T19:11:31.593672",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug1.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45572",
"datePublished": "2023-10-16T00:00:00",
"dateReserved": "2023-10-09T00:00:00",
"dateUpdated": "2024-08-02T20:21:16.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-57637 (GCVE-0-2025-57637)
Vulnerability from cvelistv5 – Published: 2025-09-23 00:00 – Updated: 2025-09-24 18:39
VLAI?
Summary
Buffer overflow vulnerability in D-Link DI-7100G 2020-02-21 in the sub_451754 function of the jhttpd service in the viav4 parameter allowing attackers to cause a denial of service or execute arbitrary code.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-57637",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T18:38:33.729073Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T18:39:03.567Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow vulnerability in D-Link DI-7100G 2020-02-21 in the sub_451754 function of the jhttpd service in the viav4 parameter allowing attackers to cause a denial of service or execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T18:44:28.882Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"url": "https://github.com/glkfc/IoT-Vulnerability/blob/main/D-Link/Dlink_2.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-57637",
"datePublished": "2025-09-23T00:00:00.000Z",
"dateReserved": "2025-08-17T00:00:00.000Z",
"dateUpdated": "2025-09-24T18:39:03.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-57636 (GCVE-0-2025-57636)
Vulnerability from cvelistv5 – Published: 2025-09-23 00:00 – Updated: 2025-09-24 18:41
VLAI?
Summary
OS Command injection vulnerability in D-Link C1 2020-02-21. The sub_47F028 function in jhttpd contains a command injection vulnerability via the HTTP parameter "time".
Severity ?
6.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-57636",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T18:40:50.320423Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T18:41:19.828Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS Command injection vulnerability in D-Link C1 2020-02-21. The sub_47F028 function in jhttpd contains a command injection vulnerability via the HTTP parameter \"time\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T19:30:04.847Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"url": "https://github.com/glkfc/IoT-Vulnerability/blob/main/D-Link/Dlink_1.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-57636",
"datePublished": "2025-09-23T00:00:00.000Z",
"dateReserved": "2025-08-17T00:00:00.000Z",
"dateUpdated": "2025-09-24T18:41:19.828Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45577 (GCVE-0-2023-45577)
Vulnerability from cvelistv5 – Published: 2023-10-16 00:00 – Updated: 2024-09-18 16:10
VLAI?
Summary
Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wanid parameter of the H5/speedlimit.data function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.742Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug9.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:d-link:di-7003gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7003gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "v.23.08.25d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:d-link:di-7200g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "v.23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:d-link:di-7100gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "v.23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:d-link:di-7200g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "v.23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200gv2.e1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200gv2.e1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "v.23.08.23e1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:d-link:di-7300g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7300g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "v.23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7400g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7400g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "v.23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45577",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T16:05:14.060563Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T16:10:57.416Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wanid parameter of the H5/speedlimit.data function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T18:53:01.094984",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug9.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45577",
"datePublished": "2023-10-16T00:00:00",
"dateReserved": "2023-10-09T00:00:00",
"dateUpdated": "2024-09-18T16:10:57.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45575 (GCVE-0-2023-45575)
Vulnerability from cvelistv5 – Published: 2023-10-16 00:00 – Updated: 2024-09-17 19:28
VLAI?
Summary
Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the ip parameter of the ip_position.asp function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug5.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:d-link:di-7003gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7003gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.25d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7100g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7100gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200gv2.e1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200gv2.e1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23e1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7300g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7300g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7400g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7400g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45575",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T19:22:42.549572Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T19:28:16.423Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the ip parameter of the ip_position.asp function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T18:45:00.944649",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug5.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45575",
"datePublished": "2023-10-16T00:00:00",
"dateReserved": "2023-10-09T00:00:00",
"dateUpdated": "2024-09-17T19:28:16.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45579 (GCVE-0-2023-45579)
Vulnerability from cvelistv5 – Published: 2023-10-16 00:00 – Updated: 2024-09-18 13:55
VLAI?
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the ip/type parameter of the jingx.asp function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.625Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug8.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:d-link:di-7003gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7003gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThan": "23.08.25D1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-700g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-700g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThan": "23.08.23D1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7100g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100g.v2.d1",
"vendor": "d-link",
"versions": [
{
"status": "affected",
"version": "23.08.23D1,"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThan": "23.08.23D1,",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200gv2.e1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200gv2.e1",
"vendor": "d-link",
"versions": [
{
"lessThan": "23.08.23E1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7300g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7300g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"status": "affected",
"version": "23.08.23D1"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7400g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7400g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThan": "23.08.23D1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45579",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T13:23:37.447332Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T13:55:41.402Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the ip/type parameter of the jingx.asp function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T19:34:20.604248",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug8.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45579",
"datePublished": "2023-10-16T00:00:00",
"dateReserved": "2023-10-09T00:00:00",
"dateUpdated": "2024-09-18T13:55:41.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45578 (GCVE-0-2023-45578)
Vulnerability from cvelistv5 – Published: 2023-10-16 00:00 – Updated: 2024-09-18 14:16
VLAI?
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the pap_en/chap_en parameter of the pppoe_base.asp function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.497Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug4.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:d-link:di-7003gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7003gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.25d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7100g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:d-link:di-7100gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:d-link:di-7200g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:d-link:di-7200gv2.e1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200gv2.e1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23e1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:d-link:di-7300g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7300g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7400g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7400g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45578",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T14:10:47.032855Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T14:16:25.708Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the pap_en/chap_en parameter of the pppoe_base.asp function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T19:22:48.996130",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug4.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45578",
"datePublished": "2023-10-16T00:00:00",
"dateReserved": "2023-10-09T00:00:00",
"dateUpdated": "2024-09-18T14:16:25.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45572 (GCVE-0-2023-45572)
Vulnerability from cvelistv5 – Published: 2023-10-16 00:00 – Updated: 2024-08-02 20:21
VLAI?
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the tgfile.htm function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug1.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the tgfile.htm function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T19:11:31.593672",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug1.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45572",
"datePublished": "2023-10-16T00:00:00",
"dateReserved": "2023-10-09T00:00:00",
"dateUpdated": "2024-08-02T20:21:16.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45573 (GCVE-0-2023-45573)
Vulnerability from cvelistv5 – Published: 2023-10-16 00:00 – Updated: 2024-09-17 19:39
VLAI?
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the n parameter of the mrclfile_del.asp function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug7.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:d-link:di-7003gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7003gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.25d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7100g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7100gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200gv2.e1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200gv2.e1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23e1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7300g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7300g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7400g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7400g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45573",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T19:36:09.770808Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T19:39:42.655Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the n parameter of the mrclfile_del.asp function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-19T21:01:57.752094",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug7.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45573",
"datePublished": "2023-10-16T00:00:00",
"dateReserved": "2023-10-09T00:00:00",
"dateUpdated": "2024-09-17T19:39:42.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45580 (GCVE-0-2023-45580)
Vulnerability from cvelistv5 – Published: 2023-10-16 00:00 – Updated: 2024-10-16 15:01
VLAI?
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wild/mx and other parameters of the ddns.asp function
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug6.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45580",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T17:19:03.398661Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T15:01:53.780Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wild/mx and other parameters of the ddns.asp function"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-19T21:06:46.625577",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug6.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45580",
"datePublished": "2023-10-16T00:00:00",
"dateReserved": "2023-10-09T00:00:00",
"dateUpdated": "2024-10-16T15:01:53.780Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45576 (GCVE-0-2023-45576)
Vulnerability from cvelistv5 – Published: 2023-10-16 00:00 – Updated: 2024-09-17 19:05
VLAI?
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the remove_ext_proto/remove_ext_port parameter of the upnp_ctrl.asp function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug3.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:d-link:di-7003gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7003gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.25d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7100gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200gv2.e1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200gv2.e1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23e1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7300g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7300g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7400g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7400g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45576",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T18:39:19.511593Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T19:05:48.866Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the remove_ext_proto/remove_ext_port parameter of the upnp_ctrl.asp function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T19:03:19.724593",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug3.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45576",
"datePublished": "2023-10-16T00:00:00",
"dateReserved": "2023-10-09T00:00:00",
"dateUpdated": "2024-09-17T19:05:48.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45574 (GCVE-0-2023-45574)
Vulnerability from cvelistv5 – Published: 2023-10-16 00:00 – Updated: 2024-09-17 19:35
VLAI?
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the file.data function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug2.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:d-link:di-7003gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7003gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.25d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7100g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7100gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200gv2.e1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200gv2.e1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23e1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7300g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7300g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7400g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7400g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45574",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T19:31:34.936258Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T19:35:48.621Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the file.data function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T19:18:11.333633",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug2.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45574",
"datePublished": "2023-10-16T00:00:00",
"dateReserved": "2023-10-09T00:00:00",
"dateUpdated": "2024-09-17T19:35:48.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}