DI-7200GV2
by Dlink
CVEs (15)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-44333 | Hig | 0.57 | 8.8 | 0.01 | Sep 9, 2024 | D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution. An attacker can achieve arbitrary command execution by sending a carefully crafted malicious string to the CGI function responsible for handling usb_paswd.asp. | ||
| CVE-2021-46227 | 0.01 | — | 0.10 | Feb 4, 2022 | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function proxy_client.asp. This vulnerability allows attackers to execute arbitrary commands via the proxy_srv, proxy_srvport, proxy_lanip, proxy_lanport parameters. | |||
| CVE-2023-43196 | 0.00 | — | 0.01 | Sep 20, 2023 | D-Link DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the zn_jb parameter in the arp_sys.asp function. | |||
| CVE-2023-43198 | 0.00 | — | 0.01 | Sep 20, 2023 | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the popupId parameter in the H5/hi_block.asp function. | |||
| CVE-2023-43197 | 0.00 | — | 0.01 | Sep 20, 2023 | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the fn parameter in the tgfile.asp function. | |||
| CVE-2023-43201 | 0.00 | — | 0.02 | Sep 20, 2023 | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the hi_up parameter in the qos_ext.asp function. | |||
| CVE-2023-43199 | 0.00 | — | 0.01 | Sep 20, 2023 | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the prev parameter in the H5/login.cgi function. | |||
| CVE-2023-43200 | 0.00 | — | 0.01 | Sep 20, 2023 | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the id parameter in the yyxz.data function. | |||
| CVE-2021-46226 | 0.00 | — | 0.06 | Feb 4, 2022 | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function wget_test.asp. This vulnerability allows attackers to execute arbitrary commands via the url parameter. | |||
| CVE-2021-46228 | 0.00 | — | 0.06 | Feb 4, 2022 | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function httpd_debug.asp. This vulnerability allows attackers to execute arbitrary commands via the time parameter. | |||
| CVE-2021-46229 | 0.00 | — | 0.04 | Feb 4, 2022 | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function usb_paswd.asp. This vulnerability allows attackers to execute arbitrary commands via the name parameter. | |||
| CVE-2021-46230 | 0.00 | — | 0.04 | Feb 4, 2022 | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function upgrade_filter. This vulnerability allows attackers to execute arbitrary commands via the path and time parameters. | |||
| CVE-2021-46231 | 0.00 | — | 0.04 | Feb 4, 2022 | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function urlrd_opt.asp. This vulnerability allows attackers to execute arbitrary commands via the url_en parameter. | |||
| CVE-2021-46233 | 0.00 | — | 0.04 | Feb 4, 2022 | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function msp_info.htm. This vulnerability allows attackers to execute arbitrary commands via the cmd parameter. | |||
| CVE-2021-46232 | 0.00 | — | 0.04 | Feb 4, 2022 | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function version_upgrade.asp. This vulnerability allows attackers to execute arbitrary commands via the path parameter. |
- risk 0.57cvss 8.8epss 0.01
D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution. An attacker can achieve arbitrary command execution by sending a carefully crafted malicious string to the CGI function responsible for handling usb_paswd.asp.
- CVE-2021-46227Feb 4, 2022risk 0.01cvss —epss 0.10
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function proxy_client.asp. This vulnerability allows attackers to execute arbitrary commands via the proxy_srv, proxy_srvport, proxy_lanip, proxy_lanport parameters.
- CVE-2023-43196Sep 20, 2023risk 0.00cvss —epss 0.01
D-Link DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the zn_jb parameter in the arp_sys.asp function.
- CVE-2023-43198Sep 20, 2023risk 0.00cvss —epss 0.01
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the popupId parameter in the H5/hi_block.asp function.
- CVE-2023-43197Sep 20, 2023risk 0.00cvss —epss 0.01
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the fn parameter in the tgfile.asp function.
- CVE-2023-43201Sep 20, 2023risk 0.00cvss —epss 0.02
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the hi_up parameter in the qos_ext.asp function.
- CVE-2023-43199Sep 20, 2023risk 0.00cvss —epss 0.01
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the prev parameter in the H5/login.cgi function.
- CVE-2023-43200Sep 20, 2023risk 0.00cvss —epss 0.01
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the id parameter in the yyxz.data function.
- CVE-2021-46226Feb 4, 2022risk 0.00cvss —epss 0.06
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function wget_test.asp. This vulnerability allows attackers to execute arbitrary commands via the url parameter.
- CVE-2021-46228Feb 4, 2022risk 0.00cvss —epss 0.06
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function httpd_debug.asp. This vulnerability allows attackers to execute arbitrary commands via the time parameter.
- CVE-2021-46229Feb 4, 2022risk 0.00cvss —epss 0.04
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function usb_paswd.asp. This vulnerability allows attackers to execute arbitrary commands via the name parameter.
- CVE-2021-46230Feb 4, 2022risk 0.00cvss —epss 0.04
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function upgrade_filter. This vulnerability allows attackers to execute arbitrary commands via the path and time parameters.
- CVE-2021-46231Feb 4, 2022risk 0.00cvss —epss 0.04
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function urlrd_opt.asp. This vulnerability allows attackers to execute arbitrary commands via the url_en parameter.
- CVE-2021-46233Feb 4, 2022risk 0.00cvss —epss 0.04
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function msp_info.htm. This vulnerability allows attackers to execute arbitrary commands via the cmd parameter.
- CVE-2021-46232Feb 4, 2022risk 0.00cvss —epss 0.04
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function version_upgrade.asp. This vulnerability allows attackers to execute arbitrary commands via the path parameter.