RSS   Vulnerabilities for 'Dir-878 firmware'   RSS

2019-02-12
 
CVE-2019-8319

CWE-77
 

 
An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetStaticRouteIPv4Settings API function, as demonstrated by shell metacharacters in the Gateway field.

 
 
CVE-2019-8318

CWE-77
 

 
An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the twsystem function with untrusted input from the request body for the SetSysEmailSettings API function, as demonstrated by shell metacharacters in the SMTPServerPort field.

 
 
CVE-2019-8317

CWE-77
 

 
An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetStaticRouteIPv6Settings API function, as demonstrated by shell metacharacters in the DestNetwork field.

 
 
CVE-2019-8316

CWE-77
 

 
An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetWebFilterSettings API function, as demonstrated by shell metacharacters in the WebFilterURLs field.

 
 
CVE-2019-8315

CWE-77
 

 
An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the twsystem function with untrusted input from the request body for the SetIPv4FirewallSettings API function, as demonstrated by shell metacharacters in the SrcIPv4AddressRangeStart field.

 
 
CVE-2019-8314

CWE-77
 

 
An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetQoSSettings API function, as demonstrated by shell metacharacters in the IPAddress field.

 
 
CVE-2019-8313

CWE-77
 

 
An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the twsystem function with untrusted input from the request body for the SetIPv6FirewallSettings API function, as demonstrated by shell metacharacters in the SrcIPv6AddressRangeStart field.

 
 
CVE-2019-8312

CWE-77
 

 
An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the twsystem function with untrusted input from the request body for the SetSysLogSettings API function, as demonstrated by shell metacharacters in the IPAddress field.

 

 >>> Vendor: Dlink 94 Products
Dwl-2100ap
Mpeg4 viewer activex control
Dir-615
Dcs-2121 firmware
Dcs-2121
Des-3800 firmware
Dwl-2100ap firmware
Dwl-3200ap firmware
Des-3800
Dwl-3200ap
Dir-685
Dsl-2640b
Dsl-2640b firmware
Dcs-2000
Dcs-5300
Dcs-900
Des-3810
Des-3810 firmware
Dsl-2740b
Dsl-2740b firmware
Dir865l
Dir865l firmware
Dsl-2760u
Des-3810-28
Des-3810-28 firmware
Dir-601 firmware
Dir-655 firmware
Dcs-931l firmware
Dcs-932l firmware
Dir-605l firmware
Dir-816l firmware
Dir-822 firmware
Dir-818l(w) firmware
Dir-823 firmware
Dir-868l firmware
Dir-880l firmware
Dir-885l firmware
Dir-890l firmware
Dir-895l firmware
Dwr-932b firmware
Websmart dgs-1510 series firmware
Dsl-2730u firmware
Di-524 firmware
Dir-600m firmware
Dir-615 firmware
Dwr-116 firmware
Dcs-5009l firmware
Dcs-5025l firmware
Dcs-933l firmware
Dcs-930l firmware
Dcs-934l firmware
Dcs-5030l firmware
Dcs-5010l firmware
Dcs-5020l firmware
Dir-850l firmware
Dwr-933 firmware
Dir-860l firmware
Dsl-3782 firmware
Dir-620 firmware
Dir-846 firmware
Eyeon baby monitor firmware
Dir-823g firmware
Dcm-604 firmware
Dcm-704 firmware
Dir-818lw firmware
Dir-140l firmware
Dir-640l firmware
Dwr-512 firmware
Dwr-921 firmware
Dsl-2770l firmware
Dwr-555 firmware
Dir-822-us firmware
Dva-5592 firmware
Dir-878 firmware
Central wifimanager
Dir-816 firmware
Dir-817lw firmware
Dir-300 firmware
Dir-865 firmware
Dcs-1130 firmware
Dcs-1100 firmware
Dsl-2750u firmware
6600-ap firmware
Dwl-3600ap firmware
Dwl-8610ap firmware
Dir-806 firmware
Dns-320 firmware
Dhp-1565 firmware
Dir-652 firmware
Dir-866l firmware
Dir-816 a1 firmware
Dap-1320 a2 firmware
Dir-850l a firmware
Dir-859 a3 firmware


Copyright 2024, cxsecurity.com

 

Back to Top