VYPR

DIR-825 Rev.B

by Dlink

CVEs (7)

  • CVE-2019-9123CriFeb 25, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. The "user" account has a blank password.

  • CVE-2020-10214HigMar 7, 2020
    risk 0.59cvss 8.8epss 0.18

    An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is a stack-based buffer overflow in the httpd binary. It allows an authenticated user to execute arbitrary code via a POST to ntp_sync.cgi with a sufficiently long parameter ntp_server.

  • CVE-2019-9122HigFeb 25, 2019
    risk 0.59cvss 8.8epss 0.24

    An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the ntp_server parameter in an ntp_sync.cgi POST request.

  • CVE-2020-10216HigMar 7, 2020
    risk 0.58cvss 8.8epss 0.06

    An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the date parameter in a system_time.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.

  • CVE-2020-10215HigMar 7, 2020
    risk 0.58cvss 8.8epss 0.06

    An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the dns_query_name parameter in a dns_query.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.

  • CVE-2020-10213HigMar 7, 2020
    risk 0.58cvss 8.8epss 0.05

    An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the wps_sta_enrollee_pin parameter in a set_sta_enrollee_pin.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.

  • CVE-2019-9126HigFeb 25, 2019
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is an information disclosure vulnerability via requests for the router_info.xml document. This will reveal the PIN code, MAC address, routing table, firmware version, update time, QOS information, LAN…