Vulnerabilities > D Link > DIR 823G Firmware > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-31 | CVE-2019-7297 | OS Command Injection vulnerability in D-Link Dir-823G Firmware An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. | 9.8 |
| 2018-10-03 | CVE-2018-17881 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in D-Link Dir-823G Firmware On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 SetPasswdSettings commands without authentication to trigger an admin password change. | 9.8 |
| 2018-10-02 | CVE-2018-17786 | Improper Authentication vulnerability in D-Link Dir-823G Firmware On D-Link DIR-823G devices, ExportSettings.sh, upload_settings.cgi, GetDownLoadSyslog.sh, and upload_firmware.cgi do not require authentication, which allows remote attackers to execute arbitrary code. | 9.8 |
| 2018-10-02 | CVE-2018-17787 | OS Command Injection vulnerability in D-Link Dir-823G Firmware On D-Link DIR-823G devices, the GoAhead configuration allows /HNAP1 Command Injection via shell metacharacters in the POST data, because this data is sent directly to the "system" library function. | 9.8 |