DAP1650
by Dlink
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-23625 | 0.01 | — | 0.23 | Jan 25, 2024 | A command injection vulnerability exists in D-Link DAP-1650 devices when handling UPnP SUBSCRIBE messages. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root. | |||
| CVE-2024-23624 | 0.01 | — | 0.26 | Jan 25, 2024 | A command injection vulnerability exists in the gena.cgi module of D-Link DAP-1650 devices. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root. | |||
| CVE-2024-40505 | 0.00 | — | 0.00 | Jul 16, 2024 | Directory Traversal vulnerability in D-Link DAP-1650 Firmware v.1.03 allows a local attacker to escalate privileges via the hedwig.cgi component. | |||
| CVE-2022-36588 | 0.00 | — | 0.01 | Sep 7, 2022 | In D-Link DAP1650 v1.04 firmware, the fileaccess.cgi program in the firmware has a buffer overflow vulnerability caused by strncpy. | |||
| CVE-2019-12768 | 0.00 | — | 0.02 | Dec 30, 2020 | An issue was discovered on D-Link DAP-1650 devices through v1.03b07 before 1.04B02_J65H Hot Fix. Attackers can bypass authentication via forceful browsing. | |||
| CVE-2019-12767 | 0.00 | — | 0.02 | Mar 21, 2020 | An issue was discovered on D-Link DAP-1650 devices before 1.04B02_J65H Hot Fix. Attackers can execute arbitrary commands. |
- CVE-2024-23625Jan 25, 2024risk 0.01cvss —epss 0.23
A command injection vulnerability exists in D-Link DAP-1650 devices when handling UPnP SUBSCRIBE messages. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root.
- CVE-2024-23624Jan 25, 2024risk 0.01cvss —epss 0.26
A command injection vulnerability exists in the gena.cgi module of D-Link DAP-1650 devices. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root.
- CVE-2024-40505Jul 16, 2024risk 0.00cvss —epss 0.00
Directory Traversal vulnerability in D-Link DAP-1650 Firmware v.1.03 allows a local attacker to escalate privileges via the hedwig.cgi component.
- CVE-2022-36588Sep 7, 2022risk 0.00cvss —epss 0.01
In D-Link DAP1650 v1.04 firmware, the fileaccess.cgi program in the firmware has a buffer overflow vulnerability caused by strncpy.
- CVE-2019-12768Dec 30, 2020risk 0.00cvss —epss 0.02
An issue was discovered on D-Link DAP-1650 devices through v1.03b07 before 1.04B02_J65H Hot Fix. Attackers can bypass authentication via forceful browsing.
- CVE-2019-12767Mar 21, 2020risk 0.00cvss —epss 0.02
An issue was discovered on D-Link DAP-1650 devices before 1.04B02_J65H Hot Fix. Attackers can execute arbitrary commands.