
20 vulnerabilities found for g416 by dlink

VAR-202312-0528

Vulnerability from variot - Updated: 2025-09-24 23:05

D-Link G416 flupl pythonapp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Formerly tracked as ZDI-CAN-21297. The firmware of the G416 from D-Link Systems, Inc. contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The D-Link G416 is an AX1500 4G+ smart router launched by D-Link in June 2025. It supports Wi-Fi 6, AI intelligent optimization, and 4G LTE Cat 6 networking, with a maximum speed of 300 Mbps. D-Link has issued an update to correct this vulnerability; see vendor advisory SAP10367, referenced in the patch data of this record.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202312-0528",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "g416",
        "scope": null,
        "trust": 2.1,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "g416",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.09b01"
      },
      {
        "model": "g416",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "g416",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": "g416  firmware  1.09b01"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1820"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22325"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028311"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50204"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1820"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2023-50204",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2025-22325",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "zdi-disclosures@trendmicro.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50204",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50204",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50204",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "zdi-disclosures@trendmicro.com",
            "id": "CVE-2023-50204",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2023-50204",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2023-50204",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2023-50204",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2025-22325",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1820"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22325"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028311"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50204"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50204"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link G416 flupl pythonapp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21297. D-Link Systems, Inc. of G416 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link G416 is a AX1500 4G+ smart router launched by D-Link in June 2025. It supports Wi-Fi 6, AI intelligent optimization, and 4G LTE Cat 6 network, with a maximum speed of 300Mbps",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-50204"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028311"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-1820"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22325"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50204"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-50204",
        "trust": 4.0
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-1820",
        "trust": 2.6
      },
      {
        "db": "DLINK",
        "id": "SAP10367",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028311",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-21297",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22325",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50204",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1820"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22325"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50204"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028311"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50204"
      }
    ]
  },
  "id": "VAR-202312-0528",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-22325"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-22325"
      }
    ]
  },
  "last_update_date": "2025-09-24T23:05:19.205000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "D-Link has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10367"
      },
      {
        "title": "Patch for D-Link G416 flpl pythonapp command injection remote code execution vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/734856"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1820"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22325"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.0
      },
      {
        "problemtype": "OS Command injection (CWE-78) [ others ]",
        "trust": 0.8
      },
      {
        "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028311"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50204"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10367"
      },
      {
        "trust": 1.9,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-23-1820/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-50204"
      },
      {
        "trust": 0.6,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-50204"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1820"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22325"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50204"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028311"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50204"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1820"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22325"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50204"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028311"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50204"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-20T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-1820"
      },
      {
        "date": "2025-09-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-22325"
      },
      {
        "date": "2025-03-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-028311"
      },
      {
        "date": "2024-05-03T03:16:06.327000",
        "db": "NVD",
        "id": "CVE-2023-50204"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-20T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-1820"
      },
      {
        "date": "2025-09-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-22325"
      },
      {
        "date": "2025-03-11T09:18:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-028311"
      },
      {
        "date": "2025-03-10T16:26:06.647000",
        "db": "NVD",
        "id": "CVE-2023-50204"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0G416\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028311"
      }
    ],
    "trust": 0.8
  }
}

VAR-202312-0591

Vulnerability from variot - Updated: 2025-09-24 23:05

D-Link G416 flupl pythonmodules Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Formerly tracked as ZDI-CAN-21295. The firmware of the G416 from D-Link Systems, Inc. contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The D-Link G416 is an AX1500 4G+ smart router launched by D-Link in June 2025. It supports Wi-Fi 6, AI intelligent optimization, and 4G LTE Cat 6 networking, with a maximum speed of 300 Mbps. D-Link has issued an update to correct this vulnerability; see vendor advisory SAP10367, referenced in the patch data of this record.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202312-0591",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "g416",
        "scope": null,
        "trust": 2.1,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "g416",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.09b01"
      },
      {
        "model": "g416",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": "g416  firmware  1.09b01"
      },
      {
        "model": "g416",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1818"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22327"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028296"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50202"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1818"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2023-50202",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2025-22327",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "zdi-disclosures@trendmicro.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50202",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50202",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50202",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "zdi-disclosures@trendmicro.com",
            "id": "CVE-2023-50202",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2023-50202",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2023-50202",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2023-50202",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2025-22327",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1818"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22327"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028296"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50202"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50202"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link G416 flupl pythonmodules Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21295. D-Link Systems, Inc. of G416 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link G416 is a AX1500 4G+ smart router launched by D-Link in June 2025. It supports Wi-Fi 6, AI intelligent optimization, and 4G LTE Cat 6 network, with a maximum speed of 300Mbps",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-50202"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028296"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-1818"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22327"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50202"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-50202",
        "trust": 4.0
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-1818",
        "trust": 2.6
      },
      {
        "db": "DLINK",
        "id": "SAP10367",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028296",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-21295",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22327",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50202",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1818"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22327"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50202"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028296"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50202"
      }
    ]
  },
  "id": "VAR-202312-0591",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-22327"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-22327"
      }
    ]
  },
  "last_update_date": "2025-09-24T23:05:19.172000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "D-Link has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10367"
      },
      {
        "title": "Patch for D-Link G416 flpl pythonmodules command injection remote code execution vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/734871"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1818"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22327"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.0
      },
      {
        "problemtype": "OS Command injection (CWE-78) [ others ]",
        "trust": 0.8
      },
      {
        "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028296"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50202"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10367"
      },
      {
        "trust": 1.9,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-23-1818/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-50202"
      },
      {
        "trust": 0.6,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-50202"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1818"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22327"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50202"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028296"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50202"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1818"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22327"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50202"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028296"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50202"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-20T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-1818"
      },
      {
        "date": "2025-09-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-22327"
      },
      {
        "date": "2025-03-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-028296"
      },
      {
        "date": "2024-05-03T03:16:05.950000",
        "db": "NVD",
        "id": "CVE-2023-50202"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-20T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-1818"
      },
      {
        "date": "2025-09-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-22327"
      },
      {
        "date": "2025-03-11T06:08:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-028296"
      },
      {
        "date": "2025-03-10T16:26:06.647000",
        "db": "NVD",
        "id": "CVE-2023-50202"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0G416\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028296"
      }
    ],
    "trust": 0.8
  }
}

VAR-202312-0527

Vulnerability from variot - Updated: 2025-09-24 23:05

D-Link G416 flupl filename Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21300. The firmware of the D-Link Systems, Inc. G416 contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The D-Link G416 is an AX1500 4G+ smart router launched by D-Link in June 2025. It supports Wi-Fi 6, AI intelligent optimization, and 4G LTE Cat 6 networking, with a maximum speed of 300Mbps. The record below lists G416 firmware earlier than 1.09b01 as affected and links D-Link advisory SAP10367 as the vendor update.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202312-0527",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "g416",
        "scope": null,
        "trust": 2.1,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "g416",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.09b01"
      },
      {
        "model": "g416",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": "g416  firmware  1.09b01"
      },
      {
        "model": "g416",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1823"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22322"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028290"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50207"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1823"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2023-50207",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2025-22322",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "zdi-disclosures@trendmicro.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50207",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50207",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50207",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "zdi-disclosures@trendmicro.com",
            "id": "CVE-2023-50207",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2023-50207",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2023-50207",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2023-50207",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2025-22322",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1823"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22322"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028290"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50207"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50207"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link G416 flupl filename Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21300. D-Link Systems, Inc. of G416 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link G416 is a AX1500 4G+ smart router launched by D-Link in June 2025. It supports Wi-Fi 6, AI intelligent optimization, and 4G LTE Cat 6 network, with a maximum speed of 300Mbps",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-50207"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028290"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-1823"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22322"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50207"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-50207",
        "trust": 4.0
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-1823",
        "trust": 2.6
      },
      {
        "db": "DLINK",
        "id": "SAP10367",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028290",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-21300",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22322",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50207",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1823"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22322"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50207"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028290"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50207"
      }
    ]
  },
  "id": "VAR-202312-0527",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-22322"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-22322"
      }
    ]
  },
  "last_update_date": "2025-09-24T23:05:19.143000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "D-Link has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10367"
      },
      {
        "title": "Patch for D-Link G416 flupl filename command injection remote code execution vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/734826"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1823"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22322"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.0
      },
      {
        "problemtype": "OS Command injection (CWE-78) [ others ]",
        "trust": 0.8
      },
      {
        "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028290"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50207"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10367"
      },
      {
        "trust": 1.9,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-23-1823/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-50207"
      },
      {
        "trust": 0.6,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-50207"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1823"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22322"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50207"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028290"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50207"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1823"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22322"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50207"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028290"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50207"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-20T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-1823"
      },
      {
        "date": "2025-09-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-22322"
      },
      {
        "date": "2025-03-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-028290"
      },
      {
        "date": "2024-05-03T03:16:06.860000",
        "db": "NVD",
        "id": "CVE-2023-50207"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-20T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-1823"
      },
      {
        "date": "2025-09-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-22322"
      },
      {
        "date": "2025-03-11T05:54:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-028290"
      },
      {
        "date": "2025-03-10T16:26:06.647000",
        "db": "NVD",
        "id": "CVE-2023-50207"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0G416\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028290"
      }
    ],
    "trust": 0.8
  }
}

VAR-202312-0599

Vulnerability from variot - Updated: 2025-09-24 23:05

D-Link G416 nodered File Handling Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21807. The firmware of the D-Link Systems, Inc. G416 contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The D-Link G416 is an AX1500 4G+ smart router launched by D-Link in June 2025. It supports Wi-Fi 6, AI-powered optimization, and 4G LTE Cat 6 networking, offering speeds up to 300Mbps. The record below lists G416 firmware earlier than 1.09b01 as affected.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202312-0599",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "g416",
        "scope": null,
        "trust": 2.1,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "g416",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.09b01"
      },
      {
        "model": "g416",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "g416",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": "g416  firmware  1.09b01"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1829"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22321"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028310"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50213"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1829"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2023-50213",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2025-22321",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "zdi-disclosures@trendmicro.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50213",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50213",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50213",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "zdi-disclosures@trendmicro.com",
            "id": "CVE-2023-50213",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2023-50213",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2023-50213",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2023-50213",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2025-22321",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1829"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22321"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028310"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50213"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50213"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link G416 nodered File Handling Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21807. The firmware of the G416 from D-Link Systems, Inc. contains an OS command injection vulnerability. Information may be obtained and tampered with, and service operation may be interrupted (DoS). The D-Link G416 is an AX1500 4G+ smart router launched by D-Link in June 2025. It supports Wi-Fi 6, AI-powered optimization, and 4G LTE Cat 6 network, offering speeds up to 300Mbps",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-50213"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028310"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-1829"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22321"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50213"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-50213",
        "trust": 4.0
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-1829",
        "trust": 2.6
      },
      {
        "db": "DLINK",
        "id": "SAP10367",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028310",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-21807",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22321",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50213",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1829"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22321"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50213"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028310"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50213"
      }
    ]
  },
  "id": "VAR-202312-0599",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-22321"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-22321"
      }
    ]
  },
  "last_update_date": "2025-09-24T23:05:19.109000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "D-Link has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10367"
      },
      {
        "title": "Patch for D-Link G416 Command Injection Remote Code Execution Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/734811"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1829"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22321"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.0
      },
      {
        "problemtype": "OS Command injection (CWE-78) [ others ]",
        "trust": 0.8
      },
      {
        "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028310"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50213"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10367"
      },
      {
        "trust": 1.9,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-23-1829/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-50213"
      },
      {
        "trust": 0.6,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-50213"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1829"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22321"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50213"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028310"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50213"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1829"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22321"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50213"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028310"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50213"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-20T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-1829"
      },
      {
        "date": "2025-09-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-22321"
      },
      {
        "date": "2025-03-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-028310"
      },
      {
        "date": "2024-05-03T03:16:08.830000",
        "db": "NVD",
        "id": "CVE-2023-50213"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-20T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-1829"
      },
      {
        "date": "2025-09-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-22321"
      },
      {
        "date": "2025-03-11T09:18:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-028310"
      },
      {
        "date": "2025-03-10T16:26:06.647000",
        "db": "NVD",
        "id": "CVE-2023-50213"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0G416\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028310"
      }
    ],
    "trust": 0.8
  }
}

VAR-202312-0590

Vulnerability from variot - Updated: 2025-09-24 23:05

D-Link G416 awsfile chmod Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21298. The firmware of the G416 from D-Link Systems, Inc. contains an OS command injection vulnerability. Information may be obtained and tampered with, and service operation may be interrupted (DoS). The D-Link G416 is an AX1500 4G+ smart router launched by D-Link in June 2025. It supports Wi-Fi 6, AI intelligent optimization, and 4G LTE Cat 6 network, with a maximum speed of 300Mbps


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202312-0590",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "g416",
        "scope": null,
        "trust": 2.1,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "g416",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.09b01"
      },
      {
        "model": "g416",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": "g416  firmware  1.09b01"
      },
      {
        "model": "g416",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1821"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22324"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028295"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50205"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1821"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2023-50205",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2025-22324",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "zdi-disclosures@trendmicro.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50205",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50205",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50205",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "zdi-disclosures@trendmicro.com",
            "id": "CVE-2023-50205",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2023-50205",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2023-50205",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2023-50205",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2025-22324",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1821"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22324"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028295"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50205"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50205"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link G416 awsfile chmod Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21298. The firmware of the G416 from D-Link Systems, Inc. contains an OS command injection vulnerability. Information may be obtained and tampered with, and service operation may be interrupted (DoS). The D-Link G416 is an AX1500 4G+ smart router launched by D-Link in June 2025. It supports Wi-Fi 6, AI intelligent optimization, and 4G LTE Cat 6 network, with a maximum speed of 300Mbps",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-50205"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028295"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-1821"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22324"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50205"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-50205",
        "trust": 4.0
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-1821",
        "trust": 2.6
      },
      {
        "db": "DLINK",
        "id": "SAP10367",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028295",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-21298",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22324",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50205",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1821"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22324"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50205"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028295"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50205"
      }
    ]
  },
  "id": "VAR-202312-0590",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-22324"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-22324"
      }
    ]
  },
  "last_update_date": "2025-09-24T23:05:19.077000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "D-Link has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10367"
      },
      {
        "title": "Patch for D-Link G416 flup lfilename command injection remote code execution vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/734846"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1821"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22324"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.0
      },
      {
        "problemtype": "OS Command injection (CWE-78) [ others ]",
        "trust": 0.8
      },
      {
        "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028295"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50205"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10367"
      },
      {
        "trust": 1.9,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-23-1821/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-50205"
      },
      {
        "trust": 0.6,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-50205"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1821"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22324"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50205"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028295"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50205"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1821"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22324"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50205"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028295"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50205"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-20T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-1821"
      },
      {
        "date": "2025-09-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-22324"
      },
      {
        "date": "2025-03-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-028295"
      },
      {
        "date": "2024-05-03T03:16:06.500000",
        "db": "NVD",
        "id": "CVE-2023-50205"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-20T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-1821"
      },
      {
        "date": "2025-09-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-22324"
      },
      {
        "date": "2025-03-11T06:08:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-028295"
      },
      {
        "date": "2025-03-10T16:26:06.647000",
        "db": "NVD",
        "id": "CVE-2023-50205"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0G416\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028295"
      }
    ],
    "trust": 0.8
  }
}

VAR-202312-0529

Vulnerability from variot - Updated: 2025-09-24 23:05

D-Link G416 cfgsave backusb Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21288. The firmware of the G416 from D-Link Systems, Inc. contains an OS command injection vulnerability. Information may be obtained and tampered with, and service operation may be interrupted (DoS). The D-Link G416 is an AX1500 4G+ smart router launched by D-Link in June 2025. It supports Wi-Fi 6, AI intelligent optimization, and 4G LTE Cat 6 network, with a maximum speed of 300Mbps


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202312-0529",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "g416",
        "scope": null,
        "trust": 2.1,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "g416",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.09b01"
      },
      {
        "model": "g416",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": "g416  firmware  1.09b01"
      },
      {
        "model": "g416",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1816"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22329"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028291"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50200"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1816"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2023-50200",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2025-22329",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "zdi-disclosures@trendmicro.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50200",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50200",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50200",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "zdi-disclosures@trendmicro.com",
            "id": "CVE-2023-50200",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2023-50200",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2023-50200",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2023-50200",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2025-22329",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1816"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22329"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028291"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50200"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50200"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link G416 cfgsave backusb Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21288. D-Link Systems, Inc. of G416 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link G416 is a AX1500 4G+ smart router launched by D-Link in June 2025. It supports Wi-Fi 6, AI intelligent optimization, and 4G LTE Cat 6 network, with a maximum speed of 300Mbps",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-50200"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028291"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-1816"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22329"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50200"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-50200",
        "trust": 4.0
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-1816",
        "trust": 2.6
      },
      {
        "db": "DLINK",
        "id": "SAP10367",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028291",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-21288",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22329",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50200",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1816"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22329"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50200"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028291"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50200"
      }
    ]
  },
  "id": "VAR-202312-0529",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-22329"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-22329"
      }
    ]
  },
  "last_update_date": "2025-09-24T23:05:19.048000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "D-Link has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10367"
      },
      {
        "title": "Patch for D-Link G416 cfgsave backusb command injection remote code execution vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/734881"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1816"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22329"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.0
      },
      {
        "problemtype": "OS Command injection (CWE-78) [ others ]",
        "trust": 0.8
      },
      {
        "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028291"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50200"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10367"
      },
      {
        "trust": 1.9,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-23-1816/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-50200"
      },
      {
        "trust": 0.6,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-50200"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1816"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22329"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50200"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028291"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50200"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1816"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22329"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50200"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028291"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50200"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-20T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-1816"
      },
      {
        "date": "2025-09-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-22329"
      },
      {
        "date": "2025-03-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-028291"
      },
      {
        "date": "2024-05-03T03:16:05.593000",
        "db": "NVD",
        "id": "CVE-2023-50200"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-20T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-1816"
      },
      {
        "date": "2025-09-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-22329"
      },
      {
        "date": "2025-03-11T05:54:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-028291"
      },
      {
        "date": "2025-03-10T16:26:06.647000",
        "db": "NVD",
        "id": "CVE-2023-50200"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link G416 cfgsave backusb Command Injection Remote Code Execution Vulnerability",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1816"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22329"
      }
    ],
    "trust": 1.3
  }
}

VAR-202312-0571

Vulnerability from variot - Updated: 2025-09-24 23:05

D-Link G416 nodered chmod Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21296. The firmware of the D-Link Systems, Inc. G416 contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The D-Link G416 is an AX1500 4G+ smart router launched by D-Link in June 2025. It supports Wi-Fi 6, AI intelligent optimization, and 4G LTE Cat 6 network, with a maximum speed of 300Mbps. The record below lists D-Link security announcement SAP10367 as the vendor update that corrects this vulnerability.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202312-0571",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "g416",
        "scope": null,
        "trust": 2.1,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "g416",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.09b01"
      },
      {
        "model": "g416",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": "g416  firmware  1.09b01"
      },
      {
        "model": "g416",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1819"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22326"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028302"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50203"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1819"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2023-50203",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2025-22326",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "zdi-disclosures@trendmicro.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50203",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50203",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50203",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "zdi-disclosures@trendmicro.com",
            "id": "CVE-2023-50203",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2023-50203",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2023-50203",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2023-50203",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2025-22326",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1819"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22326"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028302"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50203"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50203"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link G416 nodered chmod Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21296. D-Link Systems, Inc. of G416 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link G416 is a AX1500 4G+ smart router launched by D-Link in June 2025. It supports Wi-Fi 6, AI intelligent optimization, and 4G LTE Cat 6 network, with a maximum speed of 300Mbps",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-50203"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028302"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-1819"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22326"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50203"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-50203",
        "trust": 4.0
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-1819",
        "trust": 2.6
      },
      {
        "db": "DLINK",
        "id": "SAP10367",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028302",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-21296",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22326",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50203",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1819"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22326"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50203"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028302"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50203"
      }
    ]
  },
  "id": "VAR-202312-0571",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-22326"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-22326"
      }
    ]
  },
  "last_update_date": "2025-09-24T23:05:19.019000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "D-Link has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10367"
      },
      {
        "title": "Patch for D-Link G416 nodered chmod command injection remote code execution vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/734861"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1819"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22326"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.0
      },
      {
        "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": "OS Command injection (CWE-78) [ others ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028302"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50203"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10367"
      },
      {
        "trust": 1.9,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-23-1819/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-50203"
      },
      {
        "trust": 0.6,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-50203"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1819"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22326"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50203"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028302"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50203"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1819"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22326"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50203"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028302"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50203"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-20T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-1819"
      },
      {
        "date": "2025-09-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-22326"
      },
      {
        "date": "2025-03-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-028302"
      },
      {
        "date": "2024-05-03T03:16:06.127000",
        "db": "NVD",
        "id": "CVE-2023-50203"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-20T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-1819"
      },
      {
        "date": "2025-09-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-22326"
      },
      {
        "date": "2025-03-11T07:30:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-028302"
      },
      {
        "date": "2025-03-10T16:26:06.647000",
        "db": "NVD",
        "id": "CVE-2023-50203"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link G416 nodered chmod Command Injection Remote Code Execution Vulnerability",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1819"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22326"
      }
    ],
    "trust": 1.3
  }
}

VAR-202312-0502

Vulnerability from variot - Updated: 2025-09-24 23:05

D-Link G416 flupl query_type edit Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21299. The firmware of the D-Link Systems, Inc. G416 contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The D-Link G416 is an AX1500 4G+ smart router launched by D-Link in June 2025. It supports Wi-Fi 6, AI intelligent optimization, and 4G LTE Cat 6 network, with a maximum speed of 300Mbps. The record below tracks this issue as CVE-2023-50206 (CWE-78, CVSS v3 base score 8.8) and points to D-Link advisory SAP10367 for the update; its affected-product entries list G416 firmware before 1.09b01, while one entry names 1.09b01 itself, so confirm the fixed build against the vendor advisory.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202312-0502",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "g416",
        "scope": null,
        "trust": 2.1,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "g416",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.09b01"
      },
      {
        "model": "g416",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": "g416  firmware  1.09b01"
      },
      {
        "model": "g416",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1822"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22323"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028303"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50206"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1822"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2023-50206",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2025-22323",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "zdi-disclosures@trendmicro.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50206",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50206",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50206",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "zdi-disclosures@trendmicro.com",
            "id": "CVE-2023-50206",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2023-50206",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2023-50206",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2023-50206",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2025-22323",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1822"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22323"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028303"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50206"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50206"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link G416 flupl query_type edit Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21299. D-Link Systems, Inc. of G416 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link G416 is a AX1500 4G+ smart router launched by D-Link in June 2025. It supports Wi-Fi 6, AI intelligent optimization, and 4G LTE Cat 6 network, with a maximum speed of 300Mbps",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-50206"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028303"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-1822"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22323"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50206"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-50206",
        "trust": 4.0
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-1822",
        "trust": 2.6
      },
      {
        "db": "DLINK",
        "id": "SAP10367",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028303",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-21299",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22323",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50206",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1822"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22323"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50206"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028303"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50206"
      }
    ]
  },
  "id": "VAR-202312-0502",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-22323"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-22323"
      }
    ]
  },
  "last_update_date": "2025-09-24T23:05:18.976000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "D-Link has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10367"
      },
      {
        "title": "Patch for D-Link G416 flpl query_type edit command injection remote code execution vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/734836"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1822"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22323"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.0
      },
      {
        "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": "OS Command injection (CWE-78) [ others ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028303"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50206"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10367"
      },
      {
        "trust": 1.9,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-23-1822/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-50206"
      },
      {
        "trust": 0.6,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-50206"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1822"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22323"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50206"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028303"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50206"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1822"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22323"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50206"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028303"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50206"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-20T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-1822"
      },
      {
        "date": "2025-09-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-22323"
      },
      {
        "date": "2025-03-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-028303"
      },
      {
        "date": "2024-05-03T03:16:06.687000",
        "db": "NVD",
        "id": "CVE-2023-50206"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-20T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-1822"
      },
      {
        "date": "2025-09-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-22323"
      },
      {
        "date": "2025-03-11T07:31:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-028303"
      },
      {
        "date": "2025-03-10T16:26:06.647000",
        "db": "NVD",
        "id": "CVE-2023-50206"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0G416\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028303"
      }
    ],
    "trust": 0.8
  }
}

VAR-202312-0518

Vulnerability from variot - Updated: 2025-09-24 23:05

D-Link G416 cfgsave upusb Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21289. The firmware of the D-Link Systems, Inc. G416 contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The D-Link G416 is an AX1500 4G+ smart router launched by D-Link in June 2025. It supports Wi-Fi 6, AI intelligent optimization, and 4G LTE Cat 6 network, with a maximum speed of 300Mbps. The record below tracks this issue as CVE-2023-50201 (CVSS v3 base score 8.8) and points to D-Link advisory SAP10367 for the update; its affected-product entries list G416 firmware before 1.09b01, while one entry names 1.09b01 itself, so confirm the fixed build against the vendor advisory.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202312-0518",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "g416",
        "scope": null,
        "trust": 2.1,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "g416",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.09b01"
      },
      {
        "model": "g416",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": "g416  firmware  1.09b01"
      },
      {
        "model": "g416",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1817"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22328"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028297"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50201"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1817"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2023-50201",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2025-22328",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "zdi-disclosures@trendmicro.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50201",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50201",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50201",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "zdi-disclosures@trendmicro.com",
            "id": "CVE-2023-50201",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2023-50201",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2023-50201",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2023-50201",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2025-22328",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1817"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22328"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028297"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50201"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50201"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link G416 cfgsave upusb Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21289. D-Link Systems, Inc. of G416 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link G416 is a AX1500 4G+ smart router launched by D-Link in June 2025. It supports Wi-Fi 6, AI intelligent optimization, and 4G LTE Cat 6 network, with a maximum speed of 300Mbps",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-50201"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028297"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-1817"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22328"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50201"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-50201",
        "trust": 4.0
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-1817",
        "trust": 2.6
      },
      {
        "db": "DLINK",
        "id": "SAP10367",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028297",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-21289",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22328",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50201",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1817"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22328"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50201"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028297"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50201"
      }
    ]
  },
  "id": "VAR-202312-0518",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-22328"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-22328"
      }
    ]
  },
  "last_update_date": "2025-09-24T23:05:18.943000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "D-Link has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10367"
      },
      {
        "title": "Patch for D-Link G416 cfgsave upusb command injection remote code execution vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/734876"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1817"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22328"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.0
      },
      {
        "problemtype": "OS Command injection (CWE-78) [ others ]",
        "trust": 0.8
      },
      {
        "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028297"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50201"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10367"
      },
      {
        "trust": 1.9,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-23-1817/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-50201"
      },
      {
        "trust": 0.6,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-50201"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1817"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22328"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50201"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028297"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50201"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1817"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22328"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50201"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028297"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50201"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-20T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-1817"
      },
      {
        "date": "2025-09-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-22328"
      },
      {
        "date": "2025-03-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-028297"
      },
      {
        "date": "2024-05-03T03:16:05.770000",
        "db": "NVD",
        "id": "CVE-2023-50201"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-20T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-1817"
      },
      {
        "date": "2025-09-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-22328"
      },
      {
        "date": "2025-03-11T06:08:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-028297"
      },
      {
        "date": "2025-03-10T16:26:06.647000",
        "db": "NVD",
        "id": "CVE-2023-50201"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link G416 cfgsave upusb Command Injection Remote Code Execution Vulnerability",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1817"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-22328"
      }
    ],
    "trust": 1.3
  }
}

VAR-202312-0589

Vulnerability from variot - Updated: 2025-08-21 23:11

D-Link G416 httpd Improper Handling of Exceptional Conditions Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper handling of error conditions. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-21664. The G416 firmware from D-Link Systems, Inc. contains an exceptional condition handling vulnerability. The D-Link G416 is a 4G+ smart router from D-Link, launched in June 2025. It supports Wi-Fi 6, AI-powered optimization, and 4G LTE Cat 6 networking, offering speeds up to 300Mbps.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202312-0589",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "g416",
        "scope": null,
        "trust": 2.1,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "g416",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.09b01"
      },
      {
        "model": "g416",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "g416",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": "g416  firmware  1.09b01"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1828"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18891"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028329"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50212"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1828"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2023-50212",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2025-18891",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "zdi-disclosures@trendmicro.com",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50212",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50212",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2023-50212",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "ZDI",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50212",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "zdi-disclosures@trendmicro.com",
            "id": "CVE-2023-50212",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2023-50212",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2023-50212",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "ZDI",
            "id": "CVE-2023-50212",
            "trust": 0.7,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2025-18891",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1828"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18891"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028329"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50212"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50212"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link G416 httpd Improper Handling of Exceptional Conditions Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper handling of error conditions. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-21664. The G416 firmware from D-Link Systems, Inc. contains an exceptional condition handling vulnerability. The D-Link G416 is a 4G+ smart router from D-Link, launched in June 2025. It supports Wi-Fi 6, AI-powered optimization, and 4G LTE Cat 6 networking, offering speeds up to 300Mbps",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-50212"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028329"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-1828"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18891"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50212"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-50212",
        "trust": 4.0
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-1828",
        "trust": 2.6
      },
      {
        "db": "DLINK",
        "id": "SAP10367",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028329",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-21664",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18891",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50212",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1828"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18891"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50212"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028329"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50212"
      }
    ]
  },
  "id": "VAR-202312-0589",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-18891"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-18891"
      }
    ]
  },
  "last_update_date": "2025-08-21T23:11:17.957000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "D-Link has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10367"
      },
      {
        "title": "Patch for D-Link G416 Information Disclosure Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/719911"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1828"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18891"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-755",
        "trust": 1.0
      },
      {
        "problemtype": "Improper handling in exceptional conditions (CWE-755) [ others ]",
        "trust": 0.8
      },
      {
        "problemtype": " Improper handling in exceptional conditions (CWE-755) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028329"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50212"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10367"
      },
      {
        "trust": 1.9,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-23-1828/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-50212"
      },
      {
        "trust": 0.6,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-50212"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1828"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18891"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50212"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028329"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50212"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1828"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18891"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50212"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028329"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50212"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-20T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-1828"
      },
      {
        "date": "2025-08-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-18891"
      },
      {
        "date": "2025-03-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-028329"
      },
      {
        "date": "2024-05-03T03:16:08.620000",
        "db": "NVD",
        "id": "CVE-2023-50212"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-20T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-1828"
      },
      {
        "date": "2025-08-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-18891"
      },
      {
        "date": "2025-03-12T09:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-028329"
      },
      {
        "date": "2025-03-10T16:26:06.647000",
        "db": "NVD",
        "id": "CVE-2023-50212"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0G416\u00a0 Exceptional condition handling vulnerability in firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028329"
      }
    ],
    "trust": 0.8
  }
}

VAR-202312-0517

Vulnerability from variot - Updated: 2025-08-21 23:11

D-Link G416 nodered gz File Handling Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21809. The G416 firmware from D-Link Systems, Inc. contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The D-Link G416 is an AX1500 4G+ smart router launched by D-Link in June 2025. It supports Wi-Fi 6, AI intelligent optimization, and 4G LTE Cat 6 networking, with a maximum speed of 300Mbps.

The D-Link G416 suffers from a command injection vulnerability


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202312-0517",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "g416",
        "scope": null,
        "trust": 2.1,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "g416",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.09b01"
      },
      {
        "model": "g416",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "g416",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": "g416  firmware  1.09b01"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1831"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18895"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028309"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50215"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1831"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2023-50215",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2025-18895",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "zdi-disclosures@trendmicro.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50215",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50215",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50215",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "zdi-disclosures@trendmicro.com",
            "id": "CVE-2023-50215",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2023-50215",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2023-50215",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2023-50215",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2025-18895",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1831"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18895"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028309"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50215"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50215"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link G416 nodered gz File Handling Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21809. D-Link Systems, Inc. of G416 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link G416 is a AX1500 4G+ smart router launched by D-Link in June 2025. It supports Wi-Fi 6, AI intelligent optimization, and 4G LTE Cat 6 network, with a maximum speed of 300Mbps. \n\nThe D-Link G416 suffers from a command injection vulnerability",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-50215"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028309"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-1831"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18895"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50215"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-50215",
        "trust": 4.0
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-1831",
        "trust": 2.6
      },
      {
        "db": "DLINK",
        "id": "SAP10367",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028309",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-21809",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18895",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50215",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1831"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18895"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50215"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028309"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50215"
      }
    ]
  },
  "id": "VAR-202312-0517",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-18895"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-18895"
      }
    ]
  },
  "last_update_date": "2025-08-21T23:11:17.928000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "D-Link has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10367"
      },
      {
        "title": "Patch for D-Link G416 nodered gz file command injection vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/719936"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1831"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18895"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.0
      },
      {
        "problemtype": "OS Command injection (CWE-78) [ others ]",
        "trust": 0.8
      },
      {
        "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028309"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50215"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10367"
      },
      {
        "trust": 1.9,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-23-1831/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-50215"
      },
      {
        "trust": 0.6,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-50215"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1831"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18895"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50215"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028309"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50215"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1831"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18895"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50215"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028309"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50215"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-20T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-1831"
      },
      {
        "date": "2025-08-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-18895"
      },
      {
        "date": "2025-03-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-028309"
      },
      {
        "date": "2024-05-03T03:16:09.180000",
        "db": "NVD",
        "id": "CVE-2023-50215"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-20T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-1831"
      },
      {
        "date": "2025-08-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-18895"
      },
      {
        "date": "2025-03-11T09:18:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-028309"
      },
      {
        "date": "2025-03-10T16:26:06.647000",
        "db": "NVD",
        "id": "CVE-2023-50215"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0G416\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028309"
      }
    ],
    "trust": 0.8
  }
}

VAR-202312-0686

Vulnerability from variot - Updated: 2025-08-21 23:11

D-Link G416 cfgsave Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Formerly tracked as ZDI-CAN-21442. An out-of-bounds write vulnerability exists in the firmware of the G416 from D-Link Systems, Inc. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The D-Link G416 is an AX1500 4G+ smart router launched by D-Link in June 2025. It supports Wi-Fi 6, AI-powered optimization, and 4G LTE Cat 6 networks, offering speeds up to 300Mbps.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202312-0686",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "g416",
        "scope": null,
        "trust": 2.1,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "g416",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.09b01"
      },
      {
        "model": "g416",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": "g416  firmware  1.09b01"
      },
      {
        "model": "g416",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1825"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18889"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028433"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50209"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1825"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2023-50209",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2025-18889",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "zdi-disclosures@trendmicro.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50209",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50209",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50209",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "zdi-disclosures@trendmicro.com",
            "id": "CVE-2023-50209",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2023-50209",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2023-50209",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2023-50209",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2025-18889",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1825"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18889"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028433"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50209"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50209"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link G416 cfgsave Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21442. D-Link Systems, Inc. of G416 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link G416 is a AX1500 4G+ smart router launched by D-Link in June 2025. It supports Wi-Fi 6, AI-powered optimization, and 4G LTE Cat 6 network, offering speeds up to 300Mbps",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-50209"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028433"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-1825"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18889"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50209"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-50209",
        "trust": 4.0
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-1825",
        "trust": 2.6
      },
      {
        "db": "DLINK",
        "id": "SAP10367",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028433",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-21442",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18889",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50209",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1825"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18889"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50209"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028433"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50209"
      }
    ]
  },
  "id": "VAR-202312-0686",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-18889"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-18889"
      }
    ]
  },
  "last_update_date": "2025-08-21T23:11:17.897000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "D-Link has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10367"
      },
      {
        "title": "Patch for D-Link G416 cfgsave buffer overflow vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/719881"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1825"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18889"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-121",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-787",
        "trust": 1.0
      },
      {
        "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
        "trust": 0.8
      },
      {
        "problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028433"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50209"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10367"
      },
      {
        "trust": 1.9,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-23-1825/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-50209"
      },
      {
        "trust": 0.6,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-50209"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1825"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18889"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50209"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028433"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50209"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1825"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18889"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50209"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028433"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50209"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-20T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-1825"
      },
      {
        "date": "2025-08-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-18889"
      },
      {
        "date": "2025-03-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-028433"
      },
      {
        "date": "2024-05-03T03:16:07.407000",
        "db": "NVD",
        "id": "CVE-2023-50209"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-20T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-1825"
      },
      {
        "date": "2025-08-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-18889"
      },
      {
        "date": "2025-03-21T05:10:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-028433"
      },
      {
        "date": "2025-03-10T16:26:06.647000",
        "db": "NVD",
        "id": "CVE-2023-50209"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0G416\u00a0 Out-of-bounds write vulnerability in firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028433"
      }
    ],
    "trust": 0.8
  }
}

VAR-202312-0559

Vulnerability from variot - Updated: 2025-08-21 23:11

D-Link G416 ovpncfg Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Formerly tracked as ZDI-CAN-21441. An out-of-bounds write vulnerability exists in the firmware of the G416 from D-Link Systems, Inc. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The D-Link G416 is an AX1500 4G+ smart router launched by D-Link in June 2025. It supports Wi-Fi 6, AI intelligent optimization, and 4G LTE Cat 6 networks, with a maximum speed of 300Mbps.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202312-0559",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "g416",
        "scope": null,
        "trust": 2.1,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "g416",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.09b01"
      },
      {
        "model": "g416",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": "g416  firmware  1.09b01"
      },
      {
        "model": "g416",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1824"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18890"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028289"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50208"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1824"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2023-50208",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2025-18890",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "zdi-disclosures@trendmicro.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50208",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50208",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50208",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "zdi-disclosures@trendmicro.com",
            "id": "CVE-2023-50208",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2023-50208",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2023-50208",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2023-50208",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2025-18890",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1824"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18890"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028289"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50208"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50208"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link G416 ovpncfg Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21441. D-Link Systems, Inc. of G416 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link G416 is a AX1500 4G+ smart router launched by D-Link in June 2025. It supports Wi-Fi 6, AI intelligent optimization, and 4G LTE Cat 6 network, with a maximum speed of 300Mbps",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-50208"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028289"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-1824"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18890"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50208"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-50208",
        "trust": 4.0
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-1824",
        "trust": 2.6
      },
      {
        "db": "DLINK",
        "id": "SAP10367",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028289",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-21441",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18890",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50208",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1824"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18890"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50208"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028289"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50208"
      }
    ]
  },
  "id": "VAR-202312-0559",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-18890"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-18890"
      }
    ]
  },
  "last_update_date": "2025-08-21T23:11:17.869000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "D-Link has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10367"
      },
      {
        "title": "Patch for D-Link G416 ovpncfg buffer overflow vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/719901"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1824"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18890"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-121",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-787",
        "trust": 1.0
      },
      {
        "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
        "trust": 0.8
      },
      {
        "problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028289"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50208"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10367"
      },
      {
        "trust": 1.9,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-23-1824/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-50208"
      },
      {
        "trust": 0.6,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-50208"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1824"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18890"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50208"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028289"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50208"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1824"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18890"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50208"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028289"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50208"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-20T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-1824"
      },
      {
        "date": "2025-08-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-18890"
      },
      {
        "date": "2025-03-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-028289"
      },
      {
        "date": "2024-05-03T03:16:07.030000",
        "db": "NVD",
        "id": "CVE-2023-50208"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-20T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-1824"
      },
      {
        "date": "2025-08-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-18890"
      },
      {
        "date": "2025-03-11T05:54:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-028289"
      },
      {
        "date": "2025-03-10T16:26:06.647000",
        "db": "NVD",
        "id": "CVE-2023-50208"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0G416\u00a0 Out-of-bounds write vulnerability in firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028289"
      }
    ],
    "trust": 0.8
  }
}

VAR-202312-0526

Vulnerability from variot - Updated: 2025-08-21 23:11

D-Link G416 httpd API-AUTH Digest Processing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21662. D-Link Systems, Inc. G416 firmware contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The D-Link G416 is an AX1500 4G+ smart router launched by D-Link in June 2025. It supports Wi-Fi 6, AI-powered optimization, and 4G LTE Cat 6 network, offering speeds up to 300Mbps. Note that the ZDI advisory listed in this record is dated 2023-12-20, earlier than the stated launch date.

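The D-Link G416 suffers from a buffer overflow vulnerability. The affected-products data in this record includes an entry for G416 firmware earlier than 1.09b01, and the patch data points to D-Link advisory SAP10367 for the vendor update.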


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202312-0526",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "g416",
        "scope": null,
        "trust": 2.1,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "g416",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.09b01"
      },
      {
        "model": "g416",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": "g416  firmware  1.09b01"
      },
      {
        "model": "g416",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1826"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18888"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028294"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50210"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dmitry \"InfoSecDJ\" Janushkevich of Trend Micro Zero Day Initiative",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1826"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2023-50210",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2025-18888",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "zdi-disclosures@trendmicro.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50210",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50210",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50210",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "zdi-disclosures@trendmicro.com",
            "id": "CVE-2023-50210",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2023-50210",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2023-50210",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2023-50210",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2025-18888",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1826"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18888"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028294"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50210"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50210"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link G416 httpd API-AUTH Digest Processing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21662. D-Link Systems, Inc. of G416 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link G416 is a AX1500 4G+ smart router launched by D-Link in June 2025. It supports Wi-Fi 6, AI-powered optimization, and 4G LTE Cat 6 network, offering speeds up to 300Mbps. \n\nThe D-Link G416 suffers from a buffer overflow vulnerability",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-50210"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028294"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-1826"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18888"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50210"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-50210",
        "trust": 4.0
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-1826",
        "trust": 2.6
      },
      {
        "db": "DLINK",
        "id": "SAP10367",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028294",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-21662",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18888",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50210",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1826"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18888"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50210"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028294"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50210"
      }
    ]
  },
  "id": "VAR-202312-0526",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-18888"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-18888"
      }
    ]
  },
  "last_update_date": "2025-08-21T23:11:17.836000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "D-Link has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10367"
      },
      {
        "title": "Patch for D-Link G416 httpd API-AUTH buffer overflow vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/719876"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1826"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18888"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-121",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-787",
        "trust": 1.0
      },
      {
        "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
        "trust": 0.8
      },
      {
        "problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028294"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50210"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10367"
      },
      {
        "trust": 1.9,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-23-1826/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-50210"
      },
      {
        "trust": 0.6,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-50210"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1826"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18888"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50210"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028294"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50210"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1826"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18888"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50210"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028294"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50210"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-20T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-1826"
      },
      {
        "date": "2025-08-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-18888"
      },
      {
        "date": "2025-03-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-028294"
      },
      {
        "date": "2024-05-03T03:16:07.837000",
        "db": "NVD",
        "id": "CVE-2023-50210"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-20T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-1826"
      },
      {
        "date": "2025-08-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-18888"
      },
      {
        "date": "2025-03-11T06:08:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-028294"
      },
      {
        "date": "2025-03-10T16:26:06.647000",
        "db": "NVD",
        "id": "CVE-2023-50210"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0G416\u00a0 Out-of-bounds write vulnerability in firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028294"
      }
    ],
    "trust": 0.8
  }
}

VAR-202312-0552

Vulnerability from variot - Updated: 2025-08-21 23:11

D-Link G416 awsfile tar File Handling Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21810. The firmware of the D-Link Systems, Inc. G416 contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The D-Link G416 is an AX1500 4G+ smart router launched by D-Link in June 2025. It supports Wi-Fi 6, AI intelligent optimization, and 4G LTE Cat 6 network, with a maximum speed of 300Mbps.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202312-0552",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "g416",
        "scope": null,
        "trust": 2.1,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "g416",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.09b01"
      },
      {
        "model": "g416",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": "g416  firmware  1.09b01"
      },
      {
        "model": "g416",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1832"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18894"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028431"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50216"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1832"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2023-50216",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2025-18894",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "zdi-disclosures@trendmicro.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50216",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50216",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50216",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "zdi-disclosures@trendmicro.com",
            "id": "CVE-2023-50216",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2023-50216",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2023-50216",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2023-50216",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2025-18894",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1832"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18894"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028431"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50216"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50216"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link G416 awsfile tar File Handling Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21810. D-Link Systems, Inc. of G416 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link G416 is a AX1500 4G+ smart router launched by D-Link in June 2025. It supports Wi-Fi 6, AI intelligent optimization, and 4G LTE Cat 6 network, with a maximum speed of 300Mbps",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-50216"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028431"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-1832"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18894"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50216"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-50216",
        "trust": 4.0
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-1832",
        "trust": 2.6
      },
      {
        "db": "DLINK",
        "id": "SAP10367",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028431",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-21810",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18894",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50216",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1832"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18894"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50216"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028431"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50216"
      }
    ]
  },
  "id": "VAR-202312-0552",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-18894"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-18894"
      }
    ]
  },
  "last_update_date": "2025-08-21T23:11:17.805000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "D-Link has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10367"
      },
      {
        "title": "Patch for D-Link G416 awsfile tar file command injection vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/719931"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1832"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18894"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.0
      },
      {
        "problemtype": "OS Command injection (CWE-78) [ others ]",
        "trust": 0.8
      },
      {
        "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028431"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50216"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10367"
      },
      {
        "trust": 1.9,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-23-1832/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-50216"
      },
      {
        "trust": 0.6,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-50216"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1832"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18894"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50216"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028431"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50216"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1832"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18894"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50216"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028431"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50216"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-20T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-1832"
      },
      {
        "date": "2025-08-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-18894"
      },
      {
        "date": "2025-03-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-028431"
      },
      {
        "date": "2024-05-03T03:16:09.367000",
        "db": "NVD",
        "id": "CVE-2023-50216"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-20T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-1832"
      },
      {
        "date": "2025-08-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-18894"
      },
      {
        "date": "2025-03-21T05:10:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-028431"
      },
      {
        "date": "2025-03-10T16:26:06.647000",
        "db": "NVD",
        "id": "CVE-2023-50216"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0G416\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028431"
      }
    ],
    "trust": 0.8
  }
}

VAR-202312-0516

Vulnerability from variot - Updated: 2025-08-21 23:11

D-Link G416 awsfile rm Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21811. The firmware of the D-Link Systems, Inc. G416 contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The D-Link G416 is an AX1500 4G+ smart router launched by D-Link in June 2025. It supports Wi-Fi 6, AI intelligent optimization, and 4G LTE Cat 6 network, with a maximum speed of 300Mbps.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202312-0516",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "g416",
        "scope": null,
        "trust": 2.1,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "g416",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.09b01"
      },
      {
        "model": "g416",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": "g416  firmware  1.09b01"
      },
      {
        "model": "g416",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1833"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18893"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028288"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50217"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1833"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2023-50217",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2025-18893",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "zdi-disclosures@trendmicro.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50217",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50217",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50217",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "zdi-disclosures@trendmicro.com",
            "id": "CVE-2023-50217",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2023-50217",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2023-50217",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2023-50217",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2025-18893",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1833"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18893"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028288"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50217"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50217"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link G416 awsfile rm Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21811. D-Link Systems, Inc. of G416 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link G416 is a AX1500 4G+ smart router launched by D-Link in June 2025. It supports Wi-Fi 6, AI intelligent optimization, and 4G LTE Cat 6 network, with a maximum speed of 300Mbps",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-50217"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028288"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-1833"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18893"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50217"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-50217",
        "trust": 4.0
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-1833",
        "trust": 2.6
      },
      {
        "db": "DLINK",
        "id": "SAP10367",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028288",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-21811",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18893",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50217",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1833"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18893"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50217"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028288"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50217"
      }
    ]
  },
  "id": "VAR-202312-0516",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-18893"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-18893"
      }
    ]
  },
  "last_update_date": "2025-08-21T23:11:17.773000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "D-Link has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10367"
      },
      {
        "title": "Patch for D-Link G416 Command Injection Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/719921"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1833"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18893"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.0
      },
      {
        "problemtype": "OS Command injection (CWE-78) [ others ]",
        "trust": 0.8
      },
      {
        "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028288"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50217"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10367"
      },
      {
        "trust": 1.9,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-23-1833/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-50217"
      },
      {
        "trust": 0.6,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-50217"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1833"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18893"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50217"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028288"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50217"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1833"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18893"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50217"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028288"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50217"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-20T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-1833"
      },
      {
        "date": "2025-08-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-18893"
      },
      {
        "date": "2025-03-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-028288"
      },
      {
        "date": "2024-05-03T03:16:09.540000",
        "db": "NVD",
        "id": "CVE-2023-50217"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-20T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-1833"
      },
      {
        "date": "2025-08-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-18893"
      },
      {
        "date": "2025-03-11T05:54:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-028288"
      },
      {
        "date": "2025-03-10T16:26:06.647000",
        "db": "NVD",
        "id": "CVE-2023-50217"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0G416\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028288"
      }
    ],
    "trust": 0.8
  }
}

VAR-202312-0592

Vulnerability from variot - Updated: 2025-08-21 23:11

D-Link G416 httpd Missing Authentication for Critical Function Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to gain access to critical functions on the device. Was ZDI-CAN-21287. The G416 firmware from D-Link Systems, Inc. lacks authentication for critical functions. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The D-Link G416 is the AX1500 4G+ smart router launched by D-Link in June 2025 (launch date as stated in the aggregated source text; the ZDI advisory listed in this entry, ZDI-23-1815, is dated 2023-12-20). It supports Wi-Fi 6, AI-powered optimization, and 4G LTE Cat 6 networking, offering speeds up to 300Mbps.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202312-0592",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "g416",
        "scope": null,
        "trust": 2.1,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "g416",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.09b01"
      },
      {
        "model": "g416",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "g416",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": "g416  firmware  1.09b01"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1815"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18892"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028312"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50199"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1815"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2023-50199",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2025-18892",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "zdi-disclosures@trendmicro.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50199",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50199",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50199",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "zdi-disclosures@trendmicro.com",
            "id": "CVE-2023-50199",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2023-50199",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2023-50199",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2023-50199",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2025-18892",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1815"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18892"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028312"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50199"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50199"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link G416 httpd Missing Authentication for Critical Function Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to gain access to critical functions on the device. Was ZDI-CAN-21287. D-Link Systems, Inc. of G416 Firmware has a lack of authentication vulnerability for critical functionality.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link G416 is the AX1500 4G+ smart router launched by D-Link in June 2025. It supports Wi-Fi 6, AI-powered optimization, and 4G LTE Cat 6 network, offering speeds up to 300Mbps",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-50199"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028312"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-1815"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18892"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50199"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-50199",
        "trust": 4.0
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-1815",
        "trust": 2.6
      },
      {
        "db": "DLINK",
        "id": "SAP10367",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028312",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-21287",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18892",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50199",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1815"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18892"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50199"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028312"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50199"
      }
    ]
  },
  "id": "VAR-202312-0592",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-18892"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-18892"
      }
    ]
  },
  "last_update_date": "2025-08-21T23:11:17.741000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "D-Link has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10367"
      },
      {
        "title": "Patch for D-Link G416 Authentication Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/719916"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1815"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18892"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-306",
        "trust": 1.0
      },
      {
        "problemtype": "Lack of authentication for critical features (CWE-306) [ others ]",
        "trust": 0.8
      },
      {
        "problemtype": " Lack of authentication for critical features (CWE-306) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028312"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50199"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10367"
      },
      {
        "trust": 1.9,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-23-1815/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-50199"
      },
      {
        "trust": 0.6,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-50199"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1815"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18892"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50199"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028312"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50199"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1815"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18892"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50199"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028312"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50199"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-20T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-1815"
      },
      {
        "date": "2025-08-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-18892"
      },
      {
        "date": "2025-03-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-028312"
      },
      {
        "date": "2024-05-03T03:16:05.387000",
        "db": "NVD",
        "id": "CVE-2023-50199"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-20T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-1815"
      },
      {
        "date": "2025-08-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-18892"
      },
      {
        "date": "2025-03-11T09:18:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-028312"
      },
      {
        "date": "2025-03-10T16:26:06.647000",
        "db": "NVD",
        "id": "CVE-2023-50199"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0G416\u00a0 Vulnerability related to lack of authentication for critical functions in firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028312"
      }
    ],
    "trust": 0.8
  }
}

VAR-202312-0501

Vulnerability from variot - Updated: 2025-08-21 23:11

D-Link G416 nodered tar File Handling Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21808. The G416 firmware from D-Link Systems, Inc. contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The D-Link G416 is an AX1500 4G+ smart router launched by D-Link in June 2025 (launch date as stated in the aggregated source text; the identifiers listed for this issue, CVE-2023-50214 and ZDI-23-1830, carry 2023 numbering). It supports Wi-Fi 6, AI-powered optimization, and 4G LTE Cat 6 networking, offering speeds up to 300Mbps.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202312-0501",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "g416",
        "scope": null,
        "trust": 2.1,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "g416",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.09b01"
      },
      {
        "model": "g416",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": "g416  firmware  1.09b01"
      },
      {
        "model": "g416",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1830"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18896"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028432"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50214"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1830"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2023-50214",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2025-18896",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "zdi-disclosures@trendmicro.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50214",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50214",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50214",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "zdi-disclosures@trendmicro.com",
            "id": "CVE-2023-50214",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2023-50214",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2023-50214",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2023-50214",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2025-18896",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1830"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18896"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028432"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50214"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50214"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link G416 nodered tar File Handling Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21808. D-Link Systems, Inc. of G416 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link G416 is a AX1500 4G+ smart router launched by D-Link in June 2025. It supports Wi-Fi 6, AI-powered optimization, and 4G LTE Cat 6 network, offering speeds up to 300Mbps",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-50214"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028432"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-1830"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18896"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50214"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-50214",
        "trust": 4.0
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-1830",
        "trust": 2.6
      },
      {
        "db": "DLINK",
        "id": "SAP10367",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028432",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-21808",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18896",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50214",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1830"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18896"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50214"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028432"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50214"
      }
    ]
  },
  "id": "VAR-202312-0501",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-18896"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-18896"
      }
    ]
  },
  "last_update_date": "2025-08-21T23:11:17.713000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "D-Link has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10367"
      },
      {
        "title": "Patch for D-Link G416 nodered tar file command injection vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/719941"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1830"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18896"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.0
      },
      {
        "problemtype": "OS Command injection (CWE-78) [ others ]",
        "trust": 0.8
      },
      {
        "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028432"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50214"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10367"
      },
      {
        "trust": 1.9,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-23-1830/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-50214"
      },
      {
        "trust": 0.6,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-50214"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1830"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18896"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50214"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028432"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50214"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1830"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18896"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50214"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028432"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50214"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-20T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-1830"
      },
      {
        "date": "2025-08-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-18896"
      },
      {
        "date": "2025-03-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-028432"
      },
      {
        "date": "2024-05-03T03:16:09.007000",
        "db": "NVD",
        "id": "CVE-2023-50214"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-20T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-1830"
      },
      {
        "date": "2025-08-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-18896"
      },
      {
        "date": "2025-03-21T05:10:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-028432"
      },
      {
        "date": "2025-03-10T16:26:06.647000",
        "db": "NVD",
        "id": "CVE-2023-50214"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0G416\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028432"
      }
    ],
    "trust": 0.8
  }
}

VAR-202312-0618

Vulnerability from variot - Updated: 2025-08-21 23:11

D-Link G416 httpd API-AUTH Timestamp Processing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21663. An out-of-bounds write vulnerability exists in the firmware of the G416 from D-Link Systems, Inc. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The D-Link G416 is the AX1500 4G+ smart router launched by D-Link in June 2025. It supports Wi-Fi 6, AI-powered optimization, and 4G LTE Cat 6 networks, offering speeds up to 300 Mbps. The record below lists D-Link advisory SAP10367 as the vendor update that corrects this vulnerability.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202312-0618",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "g416",
        "scope": null,
        "trust": 2.1,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "g416",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.09b01"
      },
      {
        "model": "g416",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": "g416  firmware  1.09b01"
      },
      {
        "model": "g416",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1827"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18887"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028281"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50211"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dmitry \"InfoSecDJ\" Janushkevich of Trend Micro Zero Day Initiative",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1827"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2023-50211",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2025-18887",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "zdi-disclosures@trendmicro.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50211",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50211",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-50211",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "zdi-disclosures@trendmicro.com",
            "id": "CVE-2023-50211",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2023-50211",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2023-50211",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2023-50211",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2025-18887",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1827"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18887"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028281"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50211"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50211"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link G416 httpd API-AUTH Timestamp Processing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21663. D-Link Systems, Inc. of G416 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link G416 is the AX1500 4G+ smart router launched by D-Link in June 2025. It supports Wi-Fi 6, AI-powered optimization, and 4G LTE Cat 6 network, offering speeds up to 300Mbps",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-50211"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028281"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-1827"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18887"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50211"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-50211",
        "trust": 4.0
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-1827",
        "trust": 2.6
      },
      {
        "db": "DLINK",
        "id": "SAP10367",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028281",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-21663",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18887",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50211",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1827"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18887"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50211"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028281"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50211"
      }
    ]
  },
  "id": "VAR-202312-0618",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-18887"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2025-18887"
      }
    ]
  },
  "last_update_date": "2025-08-21T23:11:17.681000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "D-Link has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10367"
      },
      {
        "title": "Patch for D-Link G416 Buffer Overflow Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/719861"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1827"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18887"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-121",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-787",
        "trust": 1.0
      },
      {
        "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
        "trust": 0.8
      },
      {
        "problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028281"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50211"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10367"
      },
      {
        "trust": 1.9,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-23-1827/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-50211"
      },
      {
        "trust": 0.6,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-50211"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1827"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18887"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50211"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028281"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50211"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-23-1827"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2025-18887"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-50211"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028281"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-50211"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-20T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-1827"
      },
      {
        "date": "2025-08-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-18887"
      },
      {
        "date": "2025-03-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-028281"
      },
      {
        "date": "2024-05-03T03:16:08.303000",
        "db": "NVD",
        "id": "CVE-2023-50211"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-20T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-1827"
      },
      {
        "date": "2025-08-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2025-18887"
      },
      {
        "date": "2025-03-11T01:26:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-028281"
      },
      {
        "date": "2025-03-10T16:26:06.647000",
        "db": "NVD",
        "id": "CVE-2023-50211"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0G416\u00a0 Out-of-bounds write vulnerability in firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028281"
      }
    ],
    "trust": 0.8
  }
}

VAR-202405-0209

Vulnerability from variot - Updated: 2025-03-23 23:28

D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21294. An OS command injection vulnerability exists in the firmware of the G416 from D-Link Systems, Inc. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link G416 is a wireless router from D-Link, a Chinese company.

D-Link G416 has a code execution vulnerability, which is caused by the application failing to properly filter special elements in the constructed code segment


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202405-0209",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "g416",
        "scope": null,
        "trust": 2.1,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "g416",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.09b01"
      },
      {
        "model": "g416",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": "g416  firmware  1.09b01"
      },
      {
        "model": "g416",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-24-446"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-26088"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-020651"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-5295"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-24-446"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2024-5295",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2024-26088",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "zdi-disclosures@trendmicro.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2024-5295",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2024-5295",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2024-5295",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "zdi-disclosures@trendmicro.com",
            "id": "CVE-2024-5295",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2024-5295",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2024-5295",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2024-5295",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2024-26088",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-24-446"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-26088"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-020651"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-5295"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-5295"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21294. D-Link Systems, Inc. of G416 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link G416 is a wireless router from D-Link, a Chinese company. \n\nD-Link G416 has a code execution vulnerability, which is caused by the application failing to properly filter special elements in the constructed code segment",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2024-5295"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-020651"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-446"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-26088"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2024-5295",
        "trust": 3.9
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-446",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-020651",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-21294",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-26088",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-24-446"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-26088"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-020651"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-5295"
      }
    ]
  },
  "id": "VAR-202405-0209",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-26088"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-26088"
      }
    ]
  },
  "last_update_date": "2025-03-23T23:28:39.675000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "08/16/23 \u2013 ZDI reported the vulnerabilities to the vendor 08/24/23 \u2013 The vendor communicated that the cases would be fixed in Q4, 2023 release 05/01/24 \u2013 ZDI notified the vendor of\u202fthe intention to\u202fpublish the case as\u202f0-day advisory on 05/14/24 -- Mitigation: On May 14, 2024, the vendor informed ZDI about the software update v1.09B01",
        "trust": 0.7,
        "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10364"
      },
      {
        "title": "Patch for D-Link G416 Code Execution Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/554376"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-24-446"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-26088"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.0
      },
      {
        "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": "OS Command injection (CWE-78) [ others ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-020651"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-5295"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-24-446/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-5295"
      },
      {
        "trust": 0.7,
        "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=sap10364"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-24-446"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-26088"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-020651"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-5295"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-24-446"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-26088"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-020651"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-5295"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-05-24T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-446"
      },
      {
        "date": "2024-06-06T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-26088"
      },
      {
        "date": "2025-03-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2024-020651"
      },
      {
        "date": "2024-05-23T22:15:15.420000",
        "db": "NVD",
        "id": "CVE-2024-5295"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-07-01T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-446"
      },
      {
        "date": "2024-06-06T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-26088"
      },
      {
        "date": "2025-03-21T05:11:00",
        "db": "JVNDB",
        "id": "JVNDB-2024-020651"
      },
      {
        "date": "2025-03-10T16:26:06.647000",
        "db": "NVD",
        "id": "CVE-2024-5295"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0G416\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-020651"
      }
    ],
    "trust": 0.8
  }
}