D-Link DIR-823G Firmware Vulnerabilities

DATE | CVE | VULNERABILITY TITLE | RISK

2019-01-31 | CVE-2019-7297 | OS Command Injection vulnerability in D-Link Dir-823G Firmware | critical 9.8
An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03.
network, low complexity, d-link, CWE-78

2018-10-03 | CVE-2018-17881 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in D-Link Dir-823G Firmware | critical 9.8
On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 SetPasswdSettings commands without authentication to trigger an admin password change.
network, low complexity, d-link, CWE-640

2018-10-03 | CVE-2018-17880 | Missing Authentication for Critical Function vulnerability in D-Link Dir-823G Firmware | 7.5
On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 RunReboot commands without authentication to trigger a reboot.
network, low complexity, d-link, CWE-306

2018-10-02 | CVE-2018-17787 | OS Command Injection vulnerability in D-Link Dir-823G Firmware | critical 9.8
On D-Link DIR-823G devices, the GoAhead configuration allows /HNAP1 Command Injection via shell metacharacters in the POST data, because this data is sent directly to the "system" library function.
network, low complexity, d-link, CWE-78

2018-10-02 | CVE-2018-17786 | Improper Authentication vulnerability in D-Link Dir-823G Firmware | critical 9.8
On D-Link DIR-823G devices, ExportSettings.sh, upload_settings.cgi, GetDownLoadSyslog.sh, and upload_firmware.cgi do not require authentication, which allows remote attackers to execute arbitrary code.
network, low complexity, d-link, CWE-287