Vulnerabilites related to dlink - di-7300g\+
Vulnerability from fkie_nvd
Published
2023-10-16 06:15
Modified
2024-11-21 08:26
Severity ?
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the tgfile.htm function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug1.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug1.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | di-7003g_firmware | * | |
| dlink | di-7003g | v2.d1 | |
| dlink | di-7100g\+_firmware | * | |
| dlink | di-7100g\+ | v2.d1 | |
| dlink | di-7100g_firmware | * | |
| dlink | di-7100g | v2.d1 | |
| dlink | di-7200g\+_firmware | * | |
| dlink | di-7200g\+ | v2.d1 | |
| dlink | di-7200g_firmware | * | |
| dlink | di-7200g | v2.e1 | |
| dlink | di-7300g\+_firmware | * | |
| dlink | di-7300g\+ | v2.d1 | |
| dlink | di-7400g\+_firmware | * | |
| dlink | di-7400g\+ | v2.d1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7003g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF075223-7784-4FB7-928A-CE097AD98324",
"versionEndIncluding": "23.08.25d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7003g:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "31604D70-5B52-47AC-93A2-71166176253E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7100g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF92551F-76EE-48D4-AB93-40F427847907",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7100g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "F87354E1-7EFE-4935-ADDD-4614469C9E90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7100g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "713594B3-8B47-4756-9B7A-EC4F4CD2BD58",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7100g:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE715DF0-1341-4E7B-95BF-B1031BCFA185",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7200g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBE0C94D-A68E-4CAF-B6E1-124EAC124BF5",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7200g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "29E72D4B-FAA5-4C3E-942B-DB7C5CC55691",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7200g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B6055DC-C51D-4C52-B34D-0AEC6601CB99",
"versionEndIncluding": "23.08.23e1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7200g:v2.e1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDF945B6-549E-4F6A-9432-8D6B2A7E350C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7300g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4E73CD-4883-4C19-9345-22281342B600",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7300g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "916E75E5-010A-4A8F-B3AD-21FCC76C890A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7400g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46460C55-22D0-4D9C-B4D7-3F108F636469",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7400g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "1495874C-DEF5-4200-B272-C7779EB3E265",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the tgfile.htm function."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en el dispositivo D-Link DI-7003GV2.D1 v.23.08.25D1 y anteriores, DI-7100G+V2.D1 v.23.08.23D1 y anteriores, DI-7100GV2.D1 v.23.08.23D1, DI-7200G +V2.D1 v.23.08.23D1 y anteriores, DI-7200GV2.E1 v.23.08.23E1 y anteriores, DI-7300G+V2.D1 v.23.08.23D1 y DI-7400G+V2.D1 v.23.08. 23D1 y anteriores permiten a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro fn de la funci\u00f3n tgfile.htm."
}
],
"id": "CVE-2023-45572",
"lastModified": "2024-11-21T08:26:58.657",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-16T06:15:12.070",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug1.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug1.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-16 07:15
Modified
2024-11-21 08:26
Severity ?
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the remove_ext_proto/remove_ext_port parameter of the upnp_ctrl.asp function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug3.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug3.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | di-7003g_firmware | * | |
| dlink | di-7003g | v2.d1 | |
| dlink | di-7100g\+_firmware | * | |
| dlink | di-7100g\+ | v2.d1 | |
| dlink | di-7100g_firmware | * | |
| dlink | di-7100g | v2.d1 | |
| dlink | di-7200g\+_firmware | * | |
| dlink | di-7200g\+ | v2.d1 | |
| dlink | di-7200g_firmware | * | |
| dlink | di-7200g | v2.e1 | |
| dlink | di-7300g\+_firmware | * | |
| dlink | di-7300g\+ | v2.d1 | |
| dlink | di-7400g\+_firmware | * | |
| dlink | di-7400g\+ | v2.d1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7003g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF075223-7784-4FB7-928A-CE097AD98324",
"versionEndIncluding": "23.08.25d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7003g:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "31604D70-5B52-47AC-93A2-71166176253E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7100g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF92551F-76EE-48D4-AB93-40F427847907",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7100g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "F87354E1-7EFE-4935-ADDD-4614469C9E90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7100g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "713594B3-8B47-4756-9B7A-EC4F4CD2BD58",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7100g:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE715DF0-1341-4E7B-95BF-B1031BCFA185",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7200g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBE0C94D-A68E-4CAF-B6E1-124EAC124BF5",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7200g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "29E72D4B-FAA5-4C3E-942B-DB7C5CC55691",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7200g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B6055DC-C51D-4C52-B34D-0AEC6601CB99",
"versionEndIncluding": "23.08.23e1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7200g:v2.e1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDF945B6-549E-4F6A-9432-8D6B2A7E350C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7300g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4E73CD-4883-4C19-9345-22281342B600",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7300g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "916E75E5-010A-4A8F-B3AD-21FCC76C890A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7400g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46460C55-22D0-4D9C-B4D7-3F108F636469",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7400g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "1495874C-DEF5-4200-B272-C7779EB3E265",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the remove_ext_proto/remove_ext_port parameter of the upnp_ctrl.asp function."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en el dispositivo D-Link DI-7003GV2.D1 v.23.08.25D1 y anteriores, DI-7100G+V2.D1 v.23.08.23D1 y anteriores, DI-7100GV2.D1 v.23.08.23D1, DI-7200G +V2.D1 v.23.08.23D1 y anteriores, DI-7200GV2.E1 v.23.08.23E1 y anteriores, DI-7300G+V2.D1 v.23.08.23D1 y DI-7400G+V2.D1 v.23.08. 23D1 y anteriores permiten a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro remove_ext_proto/remove_ext_port de la funci\u00f3n upnp_ctrl.asp."
}
],
"id": "CVE-2023-45576",
"lastModified": "2024-11-21T08:26:59.353",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-16T07:15:08.843",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug3.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug3.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-16 06:15
Modified
2024-11-21 08:26
Severity ?
Summary
Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the ip parameter of the ip_position.asp function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug5.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug5.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | di-7003g_firmware | * | |
| dlink | di-7003g | v2.d1 | |
| dlink | di-7100g\+_firmware | * | |
| dlink | di-7100g\+ | v2.d1 | |
| dlink | di-7100g_firmware | * | |
| dlink | di-7100g | v2.d1 | |
| dlink | di-7200g\+_firmware | * | |
| dlink | di-7200g\+ | v2.d1 | |
| dlink | di-7200g_firmware | * | |
| dlink | di-7200g | v2.e1 | |
| dlink | di-7300g\+_firmware | * | |
| dlink | di-7300g\+ | v2.d1 | |
| dlink | di-7400g\+_firmware | * | |
| dlink | di-7400g\+ | v2.d1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7003g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF075223-7784-4FB7-928A-CE097AD98324",
"versionEndIncluding": "23.08.25d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7003g:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "31604D70-5B52-47AC-93A2-71166176253E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7100g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF92551F-76EE-48D4-AB93-40F427847907",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7100g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "F87354E1-7EFE-4935-ADDD-4614469C9E90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7100g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "713594B3-8B47-4756-9B7A-EC4F4CD2BD58",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7100g:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE715DF0-1341-4E7B-95BF-B1031BCFA185",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7200g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBE0C94D-A68E-4CAF-B6E1-124EAC124BF5",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7200g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "29E72D4B-FAA5-4C3E-942B-DB7C5CC55691",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7200g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B6055DC-C51D-4C52-B34D-0AEC6601CB99",
"versionEndIncluding": "23.08.23e1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7200g:v2.e1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDF945B6-549E-4F6A-9432-8D6B2A7E350C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7300g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4E73CD-4883-4C19-9345-22281342B600",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7300g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "916E75E5-010A-4A8F-B3AD-21FCC76C890A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7400g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46460C55-22D0-4D9C-B4D7-3F108F636469",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7400g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "1495874C-DEF5-4200-B272-C7779EB3E265",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the ip parameter of the ip_position.asp function."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de pila en el dispositivo D-Link DI-7003GV2.D1 v.23.08.25D1 y anteriores, DI-7100G+V2.D1 v.23.08.23D1 y anteriores, DI-7100GV2.D1 v.23.08.23D1, DI-7200G +V2.D1 v.23.08.23D1 y anteriores, DI-7200GV2.E1 v.23.08.23E1 y anteriores, DI-7300G+V2.D1 v.23.08.23D1 y DI-7400G+V2.D1 v.23.08. 23D1 y anteriores permiten a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro ip de la funci\u00f3n ip_position.asp."
}
],
"id": "CVE-2023-45575",
"lastModified": "2024-11-21T08:26:59.177",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-16T06:15:12.890",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug5.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug5.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-16 06:15
Modified
2024-11-21 08:26
Severity ?
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the file.data function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug2.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.dlink.com/en/security-bulletin/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug2.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.dlink.com/en/security-bulletin/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | di-7003g_firmware | * | |
| dlink | di-7003g | v2.d1 | |
| dlink | di-7100g\+_firmware | * | |
| dlink | di-7100g\+ | v2.d1 | |
| dlink | di-7100g_firmware | * | |
| dlink | di-7100g | v2.d1 | |
| dlink | di-7200g\+_firmware | * | |
| dlink | di-7200g\+ | v2.d1 | |
| dlink | di-7200g_firmware | * | |
| dlink | di-7200g | v2.e1 | |
| dlink | di-7300g\+_firmware | * | |
| dlink | di-7300g\+ | v2.d1 | |
| dlink | di-7400g\+_firmware | * | |
| dlink | di-7400g\+ | v2.d1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7003g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF075223-7784-4FB7-928A-CE097AD98324",
"versionEndIncluding": "23.08.25d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7003g:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "31604D70-5B52-47AC-93A2-71166176253E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7100g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF92551F-76EE-48D4-AB93-40F427847907",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7100g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "F87354E1-7EFE-4935-ADDD-4614469C9E90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7100g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "713594B3-8B47-4756-9B7A-EC4F4CD2BD58",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7100g:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE715DF0-1341-4E7B-95BF-B1031BCFA185",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7200g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBE0C94D-A68E-4CAF-B6E1-124EAC124BF5",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7200g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "29E72D4B-FAA5-4C3E-942B-DB7C5CC55691",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7200g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B6055DC-C51D-4C52-B34D-0AEC6601CB99",
"versionEndIncluding": "23.08.23e1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7200g:v2.e1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDF945B6-549E-4F6A-9432-8D6B2A7E350C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7300g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4E73CD-4883-4C19-9345-22281342B600",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7300g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "916E75E5-010A-4A8F-B3AD-21FCC76C890A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7400g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46460C55-22D0-4D9C-B4D7-3F108F636469",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7400g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "1495874C-DEF5-4200-B272-C7779EB3E265",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the file.data function."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en el dispositivo D-Link DI-7003GV2.D1 v.23.08.25D1 y anteriores, DI-7100G+V2.D1 v.23.08.23D1 y anteriores, DI-7100GV2.D1 v.23.08.23D1, DI-7200G +V2.D1 v.23.08.23D1 y anteriores, DI-7200GV2.E1 v.23.08.23E1 y anteriores, DI-7300G+V2.D1 v.23.08.23D1 y DI-7400G+V2.D1 v.23.08. 23D1 y anteriores permiten a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro fn de la funci\u00f3n file.data."
}
],
"id": "CVE-2023-45574",
"lastModified": "2024-11-21T08:26:59.000",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-16T06:15:12.607",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug2.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug2.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dlink.com/en/security-bulletin/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-16 07:15
Modified
2024-11-21 08:26
Severity ?
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wild/mx and other parameters of the ddns.asp function
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug6.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug6.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | di-7003g_firmware | * | |
| dlink | di-7003g | v2.d1 | |
| dlink | di-7100g\+_firmware | * | |
| dlink | di-7100g\+ | v2.d1 | |
| dlink | di-7100g_firmware | * | |
| dlink | di-7100g | v2.d1 | |
| dlink | di-7200g\+_firmware | * | |
| dlink | di-7200g\+ | v2.d1 | |
| dlink | di-7200g_firmware | * | |
| dlink | di-7200g | v2.e1 | |
| dlink | di-7300g\+_firmware | * | |
| dlink | di-7300g\+ | v2.d1 | |
| dlink | di-7400g\+_firmware | * | |
| dlink | di-7400g\+ | v2.d1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7003g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF075223-7784-4FB7-928A-CE097AD98324",
"versionEndIncluding": "23.08.25d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7003g:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "31604D70-5B52-47AC-93A2-71166176253E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7100g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF92551F-76EE-48D4-AB93-40F427847907",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7100g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "F87354E1-7EFE-4935-ADDD-4614469C9E90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7100g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "713594B3-8B47-4756-9B7A-EC4F4CD2BD58",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7100g:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE715DF0-1341-4E7B-95BF-B1031BCFA185",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7200g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBE0C94D-A68E-4CAF-B6E1-124EAC124BF5",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7200g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "29E72D4B-FAA5-4C3E-942B-DB7C5CC55691",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7200g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B6055DC-C51D-4C52-B34D-0AEC6601CB99",
"versionEndIncluding": "23.08.23e1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7200g:v2.e1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDF945B6-549E-4F6A-9432-8D6B2A7E350C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7300g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4E73CD-4883-4C19-9345-22281342B600",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7300g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "916E75E5-010A-4A8F-B3AD-21FCC76C890A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7400g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46460C55-22D0-4D9C-B4D7-3F108F636469",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7400g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "1495874C-DEF5-4200-B272-C7779EB3E265",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wild/mx and other parameters of the ddns.asp function"
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en el dispositivo D-Link DI-7003GV2.D1 v.23.08.25D1 y anteriores, DI-7100G+V2.D1 v.23.08.23D1 y anteriores, DI-7100GV2.D1 v.23.08.23D1, DI-7200G +V2.D1 v.23.08.23D1 y anteriores, DI-7200GV2.E1 v.23.08.23E1 y anteriores, DI-7300G+V2.D1 v.23.08.23D1 y DI-7400G+V2.D1 v.23.08. 23D1 y anteriores permiten a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de wild/mx y otros par\u00e1metros de la funci\u00f3n ddns.asp."
}
],
"id": "CVE-2023-45580",
"lastModified": "2024-11-21T08:26:59.993",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-16T07:15:09.107",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug6.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug6.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-30 08:15
Modified
2025-07-01 16:30
Severity ?
5.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability classified as critical was found in D-Link DI-7300G+ 19.12.25A1. Affected by this vulnerability is an unknown functionality of the file httpd_debug.asp. The manipulation of the argument Time leads to os command injection. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/2664521593/mycve/blob/main/D-Link_DI/CJ_IN_DLink_2_en.pdf | Broken Link | |
| cna@vuldb.com | https://vuldb.com/?ctiid.314389 | VDB Entry, Permissions Required | |
| cna@vuldb.com | https://vuldb.com/?id.314389 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.604442 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.dlink.com/ | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/2664521593/mycve/blob/main/D-Link_DI/CJ_IN_DLink_2_en.pdf | Broken Link |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | di-7300g\+_firmware | 19.12.25a1 | |
| dlink | di-7300g\+ | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7300g\\+_firmware:19.12.25a1:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8D1751-9FDA-4454-8A33-FEA687396B41",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7300g\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98A379EE-8626-4227-8B3C-89E4464B9582",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in D-Link DI-7300G+ 19.12.25A1. Affected by this vulnerability is an unknown functionality of the file httpd_debug.asp. The manipulation of the argument Time leads to os command injection. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad cr\u00edtica en D-Link DI-7300G+ 19.12.25A1. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo httpd_debug.asp. La manipulaci\u00f3n del argumento \"Time\" provoca la inyecci\u00f3n de comandos del sistema operativo. Se ha hecho p\u00fablico el exploit y puede que sea utilizado."
}
],
"id": "CVE-2025-6897",
"lastModified": "2025-07-01T16:30:28.957",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-06-30T08:15:23.843",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
],
"url": "https://github.com/2664521593/mycve/blob/main/D-Link_DI/CJ_IN_DLink_2_en.pdf"
},
{
"source": "cna@vuldb.com",
"tags": [
"VDB Entry",
"Permissions Required"
],
"url": "https://vuldb.com/?ctiid.314389"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.314389"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.604442"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.dlink.com/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Broken Link"
],
"url": "https://github.com/2664521593/mycve/blob/main/D-Link_DI/CJ_IN_DLink_2_en.pdf"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
},
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-30 07:15
Modified
2025-07-14 17:19
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability classified as critical has been found in D-Link DI-7300G+ 19.12.25A1. Affected is an unknown function of the file wget_test.asp. The manipulation of the argument url leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/2664521593/mycve/blob/main/D-Link_DI/CJ_IN_DLink_1_en.pdf | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.314388 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.314388 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.604441 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.dlink.com/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | di-7300g\+_firmware | 19.12.25a1 | |
| dlink | di-7300g\+ | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7300g\\+_firmware:19.12.25a1:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8D1751-9FDA-4454-8A33-FEA687396B41",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7300g\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98A379EE-8626-4227-8B3C-89E4464B9582",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in D-Link DI-7300G+ 19.12.25A1. Affected is an unknown function of the file wget_test.asp. The manipulation of the argument url leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad cr\u00edtica en D-Link DI-7300G+ 19.12.25A1. Se ve afectada una funci\u00f3n desconocida del archivo wget_test.asp. La manipulaci\u00f3n del argumento url provoca la inyecci\u00f3n de comandos del sistema operativo. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado ."
}
],
"id": "CVE-2025-6896",
"lastModified": "2025-07-14T17:19:06.300",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-06-30T07:15:23.543",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/2664521593/mycve/blob/main/D-Link_DI/CJ_IN_DLink_1_en.pdf"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.314388"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.314388"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.604441"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.dlink.com/"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
},
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-16 07:15
Modified
2024-11-21 08:26
Severity ?
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the ip/type parameter of the jingx.asp function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug8.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug8.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | di-7003g_firmware | * | |
| dlink | di-7003g | v2.d1 | |
| dlink | di-7100g\+_firmware | * | |
| dlink | di-7100g\+ | v2.d1 | |
| dlink | di-7100g_firmware | * | |
| dlink | di-7100g | v2.d1 | |
| dlink | di-7200g\+_firmware | * | |
| dlink | di-7200g\+ | v2.d1 | |
| dlink | di-7200g_firmware | * | |
| dlink | di-7200g | v2.e1 | |
| dlink | di-7300g\+_firmware | * | |
| dlink | di-7300g\+ | v2.d1 | |
| dlink | di-7400g\+_firmware | * | |
| dlink | di-7400g\+ | v2.d1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7003g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF075223-7784-4FB7-928A-CE097AD98324",
"versionEndIncluding": "23.08.25d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7003g:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "31604D70-5B52-47AC-93A2-71166176253E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7100g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF92551F-76EE-48D4-AB93-40F427847907",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7100g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "F87354E1-7EFE-4935-ADDD-4614469C9E90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7100g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "713594B3-8B47-4756-9B7A-EC4F4CD2BD58",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7100g:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE715DF0-1341-4E7B-95BF-B1031BCFA185",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7200g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBE0C94D-A68E-4CAF-B6E1-124EAC124BF5",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7200g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "29E72D4B-FAA5-4C3E-942B-DB7C5CC55691",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7200g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B6055DC-C51D-4C52-B34D-0AEC6601CB99",
"versionEndIncluding": "23.08.23e1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7200g:v2.e1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDF945B6-549E-4F6A-9432-8D6B2A7E350C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7300g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4E73CD-4883-4C19-9345-22281342B600",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7300g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "916E75E5-010A-4A8F-B3AD-21FCC76C890A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7400g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46460C55-22D0-4D9C-B4D7-3F108F636469",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7400g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "1495874C-DEF5-4200-B272-C7779EB3E265",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the ip/type parameter of the jingx.asp function."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en el dispositivo D-Link DI-7003GV2.D1 v.23.08.25D1 y anteriores, DI-7100G+V2.D1 v.23.08.23D1 y anteriores, DI-7100GV2.D1 v.23.08.23D1, DI-7200G +V2.D1 v.23.08.23D1 y anteriores, DI-7200GV2.E1 v.23.08.23E1 y anteriores, DI-7300G+V2.D1 v.23.08.23D1 y DI-7400G+V2.D1 v.23.08. 23D1 y anteriores permiten a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro ip/type de la funci\u00f3n jingx.asp."
}
],
"id": "CVE-2023-45579",
"lastModified": "2024-11-21T08:26:59.830",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-16T07:15:09.027",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug8.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug8.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-30 09:15
Modified
2025-07-14 17:19
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability, which was classified as critical, was found in D-Link DI-7300G+ and DI-8200G 17.12.20A1/19.12.25A1. This affects an unknown part of the file msp_info.htm. The manipulation of the argument flag/cmd/iface leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/2664521593/mycve/blob/main/D-Link_DI/CJ_IN_DLink_4_en.pdf | Exploit, Issue Tracking | |
| cna@vuldb.com | https://vuldb.com/?ctiid.314391 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.314391 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.604444 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.dlink.com/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | di-7300g\+_firmware | 19.12.25a1 | |
| dlink | di-7300g\+ | - | |
| dlink | di-8200g_firmware | 16.07.26a1 | |
| dlink | di-8200g | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7300g\\+_firmware:19.12.25a1:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8D1751-9FDA-4454-8A33-FEA687396B41",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7300g\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98A379EE-8626-4227-8B3C-89E4464B9582",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-8200g_firmware:16.07.26a1:*:*:*:*:*:*:*",
"matchCriteriaId": "62210FE1-182A-464E-9230-16EB0A2C90C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-8200g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8F711B9-4D2E-4FE3-B1DB-68E3F15BCC26",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in D-Link DI-7300G+ and DI-8200G 17.12.20A1/19.12.25A1. This affects an unknown part of the file msp_info.htm. The manipulation of the argument flag/cmd/iface leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad clasificada como cr\u00edtica en D-Link DI-7300G+ y DI-8200G 17.12.20A1/19.12.25A1. Esta vulnerabilidad afecta a una parte desconocida del archivo msp_info.htm. La manipulaci\u00f3n del argumento flag/cmd/iface provoca la inyecci\u00f3n de comandos del sistema operativo. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado."
}
],
"id": "CVE-2025-6899",
"lastModified": "2025-07-14T17:19:26.013",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-06-30T09:15:27.160",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/2664521593/mycve/blob/main/D-Link_DI/CJ_IN_DLink_4_en.pdf"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.314391"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.314391"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.604444"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.dlink.com/"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
},
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-16 07:15
Modified
2024-11-21 08:26
Severity ?
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the pap_en/chap_en parameter of the pppoe_base.asp function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug4.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug4.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | di-7003g_firmware | * | |
| dlink | di-7003g | v2.d1 | |
| dlink | di-7100g\+_firmware | * | |
| dlink | di-7100g\+ | v2.d1 | |
| dlink | di-7100g_firmware | * | |
| dlink | di-7100g | v2.d1 | |
| dlink | di-7200g\+_firmware | * | |
| dlink | di-7200g\+ | v2.d1 | |
| dlink | di-7200g_firmware | * | |
| dlink | di-7200g | v2.e1 | |
| dlink | di-7300g\+_firmware | * | |
| dlink | di-7300g\+ | v2.d1 | |
| dlink | di-7400g\+_firmware | * | |
| dlink | di-7400g\+ | v2.d1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7003g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF075223-7784-4FB7-928A-CE097AD98324",
"versionEndIncluding": "23.08.25d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7003g:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "31604D70-5B52-47AC-93A2-71166176253E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7100g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF92551F-76EE-48D4-AB93-40F427847907",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7100g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "F87354E1-7EFE-4935-ADDD-4614469C9E90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7100g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "713594B3-8B47-4756-9B7A-EC4F4CD2BD58",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7100g:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE715DF0-1341-4E7B-95BF-B1031BCFA185",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7200g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBE0C94D-A68E-4CAF-B6E1-124EAC124BF5",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7200g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "29E72D4B-FAA5-4C3E-942B-DB7C5CC55691",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7200g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B6055DC-C51D-4C52-B34D-0AEC6601CB99",
"versionEndIncluding": "23.08.23e1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7200g:v2.e1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDF945B6-549E-4F6A-9432-8D6B2A7E350C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7300g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4E73CD-4883-4C19-9345-22281342B600",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7300g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "916E75E5-010A-4A8F-B3AD-21FCC76C890A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7400g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46460C55-22D0-4D9C-B4D7-3F108F636469",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7400g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "1495874C-DEF5-4200-B272-C7779EB3E265",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the pap_en/chap_en parameter of the pppoe_base.asp function."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en el dispositivo D-Link DI-7003GV2.D1 v.23.08.25D1 y anteriores, DI-7100G+V2.D1 v.23.08.23D1 y anteriores, DI-7100GV2.D1 v.23.08.23D1, DI-7200G +V2.D1 v.23.08.23D1 y anteriores, DI-7200GV2.E1 v.23.08.23E1 y anteriores, DI-7300G+V2.D1 v.23.08.23D1 y DI-7400G+V2.D1 v.23.08. 23D1 y anteriores permiten a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro pap_en/chap_en de la funci\u00f3n pppoe_base.asp."
}
],
"id": "CVE-2023-45578",
"lastModified": "2024-11-21T08:26:59.670",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-16T07:15:08.967",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug4.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug4.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-16 07:15
Modified
2024-11-21 08:26
Severity ?
Summary
Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wanid parameter of the H5/speedlimit.data function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug9.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug9.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | di-7003g_firmware | * | |
| dlink | di-7003g | v2.d1 | |
| dlink | di-7100g\+_firmware | * | |
| dlink | di-7100g\+ | v2.d1 | |
| dlink | di-7100g_firmware | * | |
| dlink | di-7100g | v2.d1 | |
| dlink | di-7200g\+_firmware | * | |
| dlink | di-7200g\+ | v2.d1 | |
| dlink | di-7200g_firmware | * | |
| dlink | di-7200g | v2.e1 | |
| dlink | di-7300g\+_firmware | * | |
| dlink | di-7300g\+ | v2.d1 | |
| dlink | di-7400g\+_firmware | * | |
| dlink | di-7400g\+ | v2.d1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7003g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF075223-7784-4FB7-928A-CE097AD98324",
"versionEndIncluding": "23.08.25d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7003g:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "31604D70-5B52-47AC-93A2-71166176253E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7100g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF92551F-76EE-48D4-AB93-40F427847907",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7100g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "F87354E1-7EFE-4935-ADDD-4614469C9E90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7100g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "713594B3-8B47-4756-9B7A-EC4F4CD2BD58",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7100g:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE715DF0-1341-4E7B-95BF-B1031BCFA185",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7200g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBE0C94D-A68E-4CAF-B6E1-124EAC124BF5",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7200g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "29E72D4B-FAA5-4C3E-942B-DB7C5CC55691",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7200g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B6055DC-C51D-4C52-B34D-0AEC6601CB99",
"versionEndIncluding": "23.08.23e1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7200g:v2.e1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDF945B6-549E-4F6A-9432-8D6B2A7E350C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7300g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4E73CD-4883-4C19-9345-22281342B600",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7300g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "916E75E5-010A-4A8F-B3AD-21FCC76C890A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7400g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46460C55-22D0-4D9C-B4D7-3F108F636469",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7400g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "1495874C-DEF5-4200-B272-C7779EB3E265",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wanid parameter of the H5/speedlimit.data function."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de pila en el dispositivo D-Link DI-7003GV2.D1 v.23.08.25D1 y anteriores, DI-7100G+V2.D1 v.23.08.23D1 y anteriores, DI-7100GV2.D1 v.23.08.23D1, DI-7200G +V2.D1 v.23.08.23D1 y anteriores, DI-7200GV2.E1 v.23.08.23E1 y anteriores, DI-7300G+V2.D1 v.23.08.23D1 y DI-7400G+V2.D1 v.23.08. 23D1 y anteriores permiten a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro wanid de la funci\u00f3n H5/speedlimit.data."
}
],
"id": "CVE-2023-45577",
"lastModified": "2024-11-21T08:26:59.513",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-16T07:15:08.907",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug9.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug9.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-16 06:15
Modified
2024-11-21 08:26
Severity ?
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the n parameter of the mrclfile_del.asp function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug7.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug7.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | di-7003g_firmware | * | |
| dlink | di-7003g | v2.d1 | |
| dlink | di-7100g\+_firmware | * | |
| dlink | di-7100g\+ | v2.d1 | |
| dlink | di-7100g_firmware | * | |
| dlink | di-7100g | v2.d1 | |
| dlink | di-7200g\+_firmware | * | |
| dlink | di-7200g\+ | v2.d1 | |
| dlink | di-7200g_firmware | * | |
| dlink | di-7200g | v2.e1 | |
| dlink | di-7300g\+_firmware | * | |
| dlink | di-7300g\+ | v2.d1 | |
| dlink | di-7400g\+_firmware | * | |
| dlink | di-7400g\+ | v2.d1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7003g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF075223-7784-4FB7-928A-CE097AD98324",
"versionEndIncluding": "23.08.25d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7003g:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "31604D70-5B52-47AC-93A2-71166176253E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7100g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF92551F-76EE-48D4-AB93-40F427847907",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7100g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "F87354E1-7EFE-4935-ADDD-4614469C9E90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7100g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "713594B3-8B47-4756-9B7A-EC4F4CD2BD58",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7100g:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE715DF0-1341-4E7B-95BF-B1031BCFA185",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7200g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBE0C94D-A68E-4CAF-B6E1-124EAC124BF5",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7200g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "29E72D4B-FAA5-4C3E-942B-DB7C5CC55691",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7200g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B6055DC-C51D-4C52-B34D-0AEC6601CB99",
"versionEndIncluding": "23.08.23e1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7200g:v2.e1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDF945B6-549E-4F6A-9432-8D6B2A7E350C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7300g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4E73CD-4883-4C19-9345-22281342B600",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7300g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "916E75E5-010A-4A8F-B3AD-21FCC76C890A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7400g\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46460C55-22D0-4D9C-B4D7-3F108F636469",
"versionEndIncluding": "23.08.23d1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7400g\\+:v2.d1:*:*:*:*:*:*:*",
"matchCriteriaId": "1495874C-DEF5-4200-B272-C7779EB3E265",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the n parameter of the mrclfile_del.asp function."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en el dispositivo D-Link DI-7003GV2.D1 v.23.08.25D1 y anteriores, DI-7100G+V2.D1 v.23.08.23D1 y anteriores, DI-7100GV2.D1 v.23.08.23D1, DI-7200G +V2.D1 v.23.08.23D1 y anteriores, DI-7200GV2.E1 v.23.08.23E1 y anteriores, DI-7300G+V2.D1 v.23.08.23D1 y DI-7400G+V2.D1 v.23.08. 23D1 y anteriores permiten a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro n de la funci\u00f3n mrclfile_del.asp."
}
],
"id": "CVE-2023-45573",
"lastModified": "2024-11-21T08:26:58.823",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-16T06:15:12.357",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug7.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug7.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-30 08:15
Modified
2025-07-14 17:19
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability, which was classified as critical, has been found in D-Link DI-7300G+ 19.12.25A1. Affected by this issue is some unknown functionality of the file in proxy_client.asp. The manipulation of the argument proxy_srv/proxy_lanport/proxy_lanip/proxy_srvport leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/2664521593/mycve/blob/main/D-Link_DI/CJ_IN_DLink_3_en.pdf | Issue Tracking, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.314390 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.314390 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.604443 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.dlink.com/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | di-7300g\+_firmware | 19.12.25a1 | |
| dlink | di-7300g\+ | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-7300g\\+_firmware:19.12.25a1:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8D1751-9FDA-4454-8A33-FEA687396B41",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-7300g\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98A379EE-8626-4227-8B3C-89E4464B9582",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in D-Link DI-7300G+ 19.12.25A1. Affected by this issue is some unknown functionality of the file in\u00a0proxy_client.asp. The manipulation of the argument proxy_srv/proxy_lanport/proxy_lanip/proxy_srvport leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad clasificada como cr\u00edtica en D-Link DI-7300G+ 19.12.25A1. Este problema afecta a una funcionalidad desconocida del archivo proxy_client.asp. La manipulaci\u00f3n del argumento proxy_srv/proxy_lanport/proxy_lanip/proxy_srvport provoca la inyecci\u00f3n de comandos del sistema operativo. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado."
}
],
"id": "CVE-2025-6898",
"lastModified": "2025-07-14T17:19:15.030",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-06-30T08:15:24.113",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/2664521593/mycve/blob/main/D-Link_DI/CJ_IN_DLink_3_en.pdf"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.314390"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.314390"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.604443"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.dlink.com/"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
},
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
}
]
}
CVE-2023-45575 (GCVE-0-2023-45575)
Vulnerability from cvelistv5
Published
2023-10-16 00:00
Modified
2024-09-17 19:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the ip parameter of the ip_position.asp function.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug5.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:d-link:di-7003gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7003gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.25d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7100g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7100gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200gv2.e1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200gv2.e1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23e1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7300g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7300g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7400g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7400g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45575",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T19:22:42.549572Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T19:28:16.423Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the ip parameter of the ip_position.asp function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T18:45:00.944649",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug5.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45575",
"datePublished": "2023-10-16T00:00:00",
"dateReserved": "2023-10-09T00:00:00",
"dateUpdated": "2024-09-17T19:28:16.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6898 (GCVE-0-2025-6898)
Vulnerability from cvelistv5
Published
2025-06-30 08:02
Modified
2025-06-30 17:47
Severity ?
2.1 (Low) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
VLAI Severity ?
EPSS score ?
Summary
A vulnerability, which was classified as critical, has been found in D-Link DI-7300G+ 19.12.25A1. Affected by this issue is some unknown functionality of the file in proxy_client.asp. The manipulation of the argument proxy_srv/proxy_lanport/proxy_lanip/proxy_srvport leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.314390 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.314390 | signature, permissions-required | |
| https://vuldb.com/?submit.604443 | third-party-advisory | |
| https://github.com/2664521593/mycve/blob/main/D-Link_DI/CJ_IN_DLink_3_en.pdf | exploit | |
| https://www.dlink.com/ | product |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6898",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-30T17:46:01.070918Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T17:47:48.976Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DI-7300G+",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "19.12.25A1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "shiny (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in D-Link DI-7300G+ 19.12.25A1. Affected by this issue is some unknown functionality of the file in\u00a0proxy_client.asp. The manipulation of the argument proxy_srv/proxy_lanport/proxy_lanip/proxy_srvport leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in D-Link DI-7300G+ 19.12.25A1 entdeckt. Davon betroffen ist unbekannter Code der Datei in\u00a0proxy_client.asp. Durch Beeinflussen des Arguments proxy_srv/proxy_lanport/proxy_lanip/proxy_srvport mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T08:02:06.036Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-314390 | D-Link DI-7300G+ in\u00a0proxy_client.asp os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.314390"
},
{
"name": "VDB-314390 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.314390"
},
{
"name": "Submit #604443 | D-Link D-Link DI-7300G+ DI-7300G+ V19.12.25A1 OS Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.604443"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/2664521593/mycve/blob/main/D-Link_DI/CJ_IN_DLink_3_en.pdf"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-29T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-29T14:01:19.000Z",
"value": "VulDB entry last update"
}
],
"title": "D-Link DI-7300G+ in\u00a0proxy_client.asp os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-6898",
"datePublished": "2025-06-30T08:02:06.036Z",
"dateReserved": "2025-06-29T11:56:07.340Z",
"dateUpdated": "2025-06-30T17:47:48.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45574 (GCVE-0-2023-45574)
Vulnerability from cvelistv5
Published
2023-10-16 00:00
Modified
2024-09-17 19:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the file.data function.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug2.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:d-link:di-7003gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7003gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.25d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7100g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7100gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200gv2.e1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200gv2.e1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23e1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7300g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7300g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7400g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7400g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45574",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T19:31:34.936258Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T19:35:48.621Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the file.data function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T19:18:11.333633",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug2.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45574",
"datePublished": "2023-10-16T00:00:00",
"dateReserved": "2023-10-09T00:00:00",
"dateUpdated": "2024-09-17T19:35:48.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45572 (GCVE-0-2023-45572)
Vulnerability from cvelistv5
Published
2023-10-16 00:00
Modified
2024-08-02 20:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the tgfile.htm function.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug1.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the tgfile.htm function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T19:11:31.593672",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug1.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45572",
"datePublished": "2023-10-16T00:00:00",
"dateReserved": "2023-10-09T00:00:00",
"dateUpdated": "2024-08-02T20:21:16.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45577 (GCVE-0-2023-45577)
Vulnerability from cvelistv5
Published
2023-10-16 00:00
Modified
2024-09-18 16:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wanid parameter of the H5/speedlimit.data function.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.742Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug9.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:d-link:di-7003gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7003gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "v.23.08.25d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:d-link:di-7200g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "v.23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:d-link:di-7100gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "v.23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:d-link:di-7200g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "v.23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200gv2.e1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200gv2.e1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "v.23.08.23e1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:d-link:di-7300g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7300g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "v.23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7400g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7400g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "v.23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45577",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T16:05:14.060563Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T16:10:57.416Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wanid parameter of the H5/speedlimit.data function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T18:53:01.094984",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug9.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45577",
"datePublished": "2023-10-16T00:00:00",
"dateReserved": "2023-10-09T00:00:00",
"dateUpdated": "2024-09-18T16:10:57.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45579 (GCVE-0-2023-45579)
Vulnerability from cvelistv5
Published
2023-10-16 00:00
Modified
2024-09-18 13:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the ip/type parameter of the jingx.asp function.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.625Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug8.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:d-link:di-7003gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7003gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThan": "23.08.25D1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-700g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-700g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThan": "23.08.23D1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7100g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100g.v2.d1",
"vendor": "d-link",
"versions": [
{
"status": "affected",
"version": "23.08.23D1,"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThan": "23.08.23D1,",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200gv2.e1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200gv2.e1",
"vendor": "d-link",
"versions": [
{
"lessThan": "23.08.23E1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7300g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7300g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"status": "affected",
"version": "23.08.23D1"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7400g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7400g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThan": "23.08.23D1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45579",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T13:23:37.447332Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T13:55:41.402Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the ip/type parameter of the jingx.asp function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T19:34:20.604248",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug8.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45579",
"datePublished": "2023-10-16T00:00:00",
"dateReserved": "2023-10-09T00:00:00",
"dateUpdated": "2024-09-18T13:55:41.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45576 (GCVE-0-2023-45576)
Vulnerability from cvelistv5
Published
2023-10-16 00:00
Modified
2024-09-17 19:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the remove_ext_proto/remove_ext_port parameter of the upnp_ctrl.asp function.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug3.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:d-link:di-7003gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7003gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.25d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7100gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200gv2.e1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200gv2.e1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23e1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7300g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7300g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7400g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7400g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45576",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T18:39:19.511593Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T19:05:48.866Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the remove_ext_proto/remove_ext_port parameter of the upnp_ctrl.asp function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T19:03:19.724593",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug3.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45576",
"datePublished": "2023-10-16T00:00:00",
"dateReserved": "2023-10-09T00:00:00",
"dateUpdated": "2024-09-17T19:05:48.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45573 (GCVE-0-2023-45573)
Vulnerability from cvelistv5
Published
2023-10-16 00:00
Modified
2024-09-17 19:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the n parameter of the mrclfile_del.asp function.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug7.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:d-link:di-7003gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7003gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.25d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7100g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7100gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7200gv2.e1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200gv2.e1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23e1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7300g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7300g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7400g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7400g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45573",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T19:36:09.770808Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T19:39:42.655Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the n parameter of the mrclfile_del.asp function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-19T21:01:57.752094",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug7.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45573",
"datePublished": "2023-10-16T00:00:00",
"dateReserved": "2023-10-09T00:00:00",
"dateUpdated": "2024-09-17T19:39:42.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6899 (GCVE-0-2025-6899)
Vulnerability from cvelistv5
Published
2025-06-30 08:32
Modified
2025-06-30 17:34
Severity ?
2.1 (Low) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
VLAI Severity ?
EPSS score ?
Summary
A vulnerability, which was classified as critical, was found in D-Link DI-7300G+ and DI-8200G 17.12.20A1/19.12.25A1. This affects an unknown part of the file msp_info.htm. The manipulation of the argument flag/cmd/iface leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.314391 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.314391 | signature, permissions-required | |
| https://vuldb.com/?submit.604444 | third-party-advisory | |
| https://github.com/2664521593/mycve/blob/main/D-Link_DI/CJ_IN_DLink_4_en.pdf | exploit | |
| https://www.dlink.com/ | product |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6899",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-30T17:32:01.074018Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T17:34:29.901Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DI-7300G+",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "17.12.20A1"
},
{
"status": "affected",
"version": "19.12.25A1"
}
]
},
{
"product": "DI-8200G",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "17.12.20A1"
},
{
"status": "affected",
"version": "19.12.25A1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "shiny (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in D-Link DI-7300G+ and DI-8200G 17.12.20A1/19.12.25A1. This affects an unknown part of the file msp_info.htm. The manipulation of the argument flag/cmd/iface leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in D-Link DI-7300G+ and DI-8200G 17.12.20A1/19.12.25A1 gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei msp_info.htm. Dank der Manipulation des Arguments flag/cmd/iface mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T08:32:05.999Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-314391 | D-Link DI-7300G+/DI-8200G msp_info.htm os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.314391"
},
{
"name": "VDB-314391 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.314391"
},
{
"name": "Submit #604444 | D-Link D-Link DI-7300G+\u3001D-Link DI-8200G DI-7300G+ V19.12.25A1\u3001DI_8200G-17.12.20A1 OS Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.604444"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/2664521593/mycve/blob/main/D-Link_DI/CJ_IN_DLink_4_en.pdf"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-29T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-29T14:01:20.000Z",
"value": "VulDB entry last update"
}
],
"title": "D-Link DI-7300G+/DI-8200G msp_info.htm os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-6899",
"datePublished": "2025-06-30T08:32:05.999Z",
"dateReserved": "2025-06-29T11:56:11.016Z",
"dateUpdated": "2025-06-30T17:34:29.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6896 (GCVE-0-2025-6896)
Vulnerability from cvelistv5
Published
2025-06-30 07:02
Modified
2025-06-30 18:00
Severity ?
2.1 (Low) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
VLAI Severity ?
EPSS score ?
Summary
A vulnerability classified as critical has been found in D-Link DI-7300G+ 19.12.25A1. Affected is an unknown function of the file wget_test.asp. The manipulation of the argument url leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.314388 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.314388 | signature, permissions-required | |
| https://vuldb.com/?submit.604441 | third-party-advisory | |
| https://github.com/2664521593/mycve/blob/main/D-Link_DI/CJ_IN_DLink_1_en.pdf | exploit | |
| https://www.dlink.com/ | product |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6896",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-30T18:00:08.285490Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T18:00:17.539Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DI-7300G+",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "19.12.25A1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "shiny (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in D-Link DI-7300G+ 19.12.25A1. Affected is an unknown function of the file wget_test.asp. The manipulation of the argument url leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in D-Link DI-7300G+ 19.12.25A1 entdeckt. Dabei betrifft es einen unbekannter Codeteil der Datei wget_test.asp. Durch Manipulieren des Arguments url mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T07:02:05.641Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-314388 | D-Link DI-7300G+ wget_test.asp os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.314388"
},
{
"name": "VDB-314388 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.314388"
},
{
"name": "Submit #604441 | D-Link D-Link DI-7300G+ DI-7300G+ V19.12.25A1 OS Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.604441"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/2664521593/mycve/blob/main/D-Link_DI/CJ_IN_DLink_1_en.pdf"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-29T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-29T14:01:16.000Z",
"value": "VulDB entry last update"
}
],
"title": "D-Link DI-7300G+ wget_test.asp os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-6896",
"datePublished": "2025-06-30T07:02:05.641Z",
"dateReserved": "2025-06-29T11:55:52.445Z",
"dateUpdated": "2025-06-30T18:00:17.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45578 (GCVE-0-2023-45578)
Vulnerability from cvelistv5
Published
2023-10-16 00:00
Modified
2024-09-18 14:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the pap_en/chap_en parameter of the pppoe_base.asp function.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.497Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug4.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:d-link:di-7003gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7003gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.25d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7100g.v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100g.v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:d-link:di-7100gv2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7100gv2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:d-link:di-7200g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:d-link:di-7200gv2.e1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7200gv2.e1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23e1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:d-link:di-7300g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7300g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:d-link:di-7400g_plus_v2.d1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-7400g_plus_v2.d1",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "23.08.23d1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45578",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T14:10:47.032855Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T14:16:25.708Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the pap_en/chap_en parameter of the pppoe_base.asp function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T19:22:48.996130",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug4.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45578",
"datePublished": "2023-10-16T00:00:00",
"dateReserved": "2023-10-09T00:00:00",
"dateUpdated": "2024-09-18T14:16:25.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45580 (GCVE-0-2023-45580)
Vulnerability from cvelistv5
Published
2023-10-16 00:00
Modified
2024-10-16 15:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wild/mx and other parameters of the ddns.asp function
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug6.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45580",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T17:19:03.398661Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T15:01:53.780Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wild/mx and other parameters of the ddns.asp function"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-19T21:06:46.625577",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug6.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45580",
"datePublished": "2023-10-16T00:00:00",
"dateReserved": "2023-10-09T00:00:00",
"dateUpdated": "2024-10-16T15:01:53.780Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6897 (GCVE-0-2025-6897)
Vulnerability from cvelistv5
Published
2025-06-30 07:32
Modified
2025-06-30 15:24
Severity ?
2.0 (Low) - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
5.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
5.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
5.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
5.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
VLAI Severity ?
EPSS score ?
Summary
A vulnerability classified as critical was found in D-Link DI-7300G+ 19.12.25A1. Affected by this vulnerability is an unknown functionality of the file httpd_debug.asp. The manipulation of the argument Time leads to os command injection. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.314389 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.314389 | signature, permissions-required | |
| https://vuldb.com/?submit.604442 | third-party-advisory | |
| https://github.com/2664521593/mycve/blob/main/D-Link_DI/CJ_IN_DLink_2_en.pdf | exploit | |
| https://www.dlink.com/ | product |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6897",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-30T15:24:06.405144Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T15:24:09.757Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/2664521593/mycve/blob/main/D-Link_DI/CJ_IN_DLink_2_en.pdf"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DI-7300G+",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "19.12.25A1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "shiny (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in D-Link DI-7300G+ 19.12.25A1. Affected by this vulnerability is an unknown functionality of the file httpd_debug.asp. The manipulation of the argument Time leads to os command injection. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In D-Link DI-7300G+ 19.12.25A1 wurde eine kritische Schwachstelle entdeckt. Hierbei betrifft es unbekannten Programmcode der Datei httpd_debug.asp. Durch das Beeinflussen des Arguments Time mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T07:32:05.975Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-314389 | D-Link DI-7300G+ httpd_debug.asp os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.314389"
},
{
"name": "VDB-314389 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.314389"
},
{
"name": "Submit #604442 | D-Link D-Link DI-7300G+ DI-7300G+ V19.12.25A1 OS Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.604442"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/2664521593/mycve/blob/main/D-Link_DI/CJ_IN_DLink_2_en.pdf"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-29T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-29T14:01:17.000Z",
"value": "VulDB entry last update"
}
],
"title": "D-Link DI-7300G+ httpd_debug.asp os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-6897",
"datePublished": "2025-06-30T07:32:05.975Z",
"dateReserved": "2025-06-29T11:55:59.822Z",
"dateUpdated": "2025-06-30T15:24:09.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}