DIR-825 Rev.B
by Dlink
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-9123 | Cri | 0.64 | 9.8 | 0.02 | Feb 25, 2019 | An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. The "user" account has a blank password. | ||
| CVE-2020-10214 | Hig | 0.59 | 8.8 | 0.18 | Mar 7, 2020 | An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is a stack-based buffer overflow in the httpd binary. It allows an authenticated user to execute arbitrary code via a POST to ntp_sync.cgi with a sufficiently long parameter ntp_server. | ||
| CVE-2019-9122 | Hig | 0.59 | 8.8 | 0.24 | Feb 25, 2019 | An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the ntp_server parameter in an ntp_sync.cgi POST request. | ||
| CVE-2020-10216 | Hig | 0.58 | 8.8 | 0.06 | Mar 7, 2020 | An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the date parameter in a system_time.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected. | ||
| CVE-2020-10215 | Hig | 0.58 | 8.8 | 0.06 | Mar 7, 2020 | An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the dns_query_name parameter in a dns_query.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected. | ||
| CVE-2020-10213 | Hig | 0.58 | 8.8 | 0.05 | Mar 7, 2020 | An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the wps_sta_enrollee_pin parameter in a set_sta_enrollee_pin.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected. | ||
| CVE-2019-9126 | Hig | 0.49 | 7.5 | 0.02 | Feb 25, 2019 | An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is an information disclosure vulnerability via requests for the router_info.xml document. This will reveal the PIN code, MAC address, routing table, firmware version, update time, QOS information, LAN… |
- risk 0.64cvss 9.8epss 0.02
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. The "user" account has a blank password.
- risk 0.59cvss 8.8epss 0.18
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is a stack-based buffer overflow in the httpd binary. It allows an authenticated user to execute arbitrary code via a POST to ntp_sync.cgi with a sufficiently long parameter ntp_server.
- risk 0.59cvss 8.8epss 0.24
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the ntp_server parameter in an ntp_sync.cgi POST request.
- risk 0.58cvss 8.8epss 0.06
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the date parameter in a system_time.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.
- risk 0.58cvss 8.8epss 0.06
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the dns_query_name parameter in a dns_query.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.
- risk 0.58cvss 8.8epss 0.05
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the wps_sta_enrollee_pin parameter in a set_sta_enrollee_pin.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is an information disclosure vulnerability via requests for the router_info.xml document. This will reveal the PIN code, MAC address, routing table, firmware version, update time, QOS information, LAN…