Read Time:14 Second

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2023-50209.

Advisories

ZDI-23-1826: D-Link G416 httpd API-AUTH Digest Processing Stack-based Buffer Overflow Remote Code Execution Vulnerability

December 20, 2023

Read Time:13 Second

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2023-50210.

Advisories

ZDI-23-1827: D-Link G416 httpd API-AUTH Timestamp Processing Stack-based Buffer Overflow Remote Code Execution Vulnerability

December 20, 2023

Read Time:13 Second

Advisories

ZDI-23-1828: D-Link G416 httpd Improper Handling of Exceptional Conditions Information Disclosure Vulnerability

December 20, 2023

Read Time:13 Second

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2023-50212.

Advisories

ZDI-23-1829: D-Link G416 nodered File Handling Command Injection Remote Code Execution Vulnerability

December 20, 2023

Read Time:13 Second

Advisories

ZDI-23-1830: D-Link G416 nodered tar File Handling Command Injection Remote Code Execution Vulnerability

December 20, 2023

Read Time:13 Second

Advisories

ZDI-23-1831: D-Link G416 nodered gz File Handling Command Injection Remote Code Execution Vulnerability

December 20, 2023

Read Time:13 Second

Advisories

ZDI-23-1832: D-Link G416 awsfile tar File Handling Command Injection Remote Code Execution Vulnerability

December 20, 2023

Read Time:13 Second

Advisories

ZDI-23-1833: D-Link G416 awsfile rm Command Injection Remote Code Execution Vulnerability

December 20, 2023

Read Time:13 Second

Advisories

ZDI-23-1811: BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability

December 20, 2023

Read Time:16 Second

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The ZDI has assigned a CVSS rating of 7.1. The following CVEs are assigned: CVE-2023-50229.

Cyber Security News

Yearly Archives: 2023

ZDI-23-1825: D-Link G416 cfgsave Stack-Based Buffer Overflow Remote Code Execution Vulnerability

ZDI-23-1826: D-Link G416 httpd API-AUTH Digest Processing Stack-based Buffer Overflow Remote Code Execution Vulnerability

ZDI-23-1827: D-Link G416 httpd API-AUTH Timestamp Processing Stack-based Buffer Overflow Remote Code Execution Vulnerability

ZDI-23-1828: D-Link G416 httpd Improper Handling of Exceptional Conditions Information Disclosure Vulnerability

ZDI-23-1829: D-Link G416 nodered File Handling Command Injection Remote Code Execution Vulnerability

ZDI-23-1830: D-Link G416 nodered tar File Handling Command Injection Remote Code Execution Vulnerability

ZDI-23-1831: D-Link G416 nodered gz File Handling Command Injection Remote Code Execution Vulnerability

ZDI-23-1832: D-Link G416 awsfile tar File Handling Command Injection Remote Code Execution Vulnerability

ZDI-23-1833: D-Link G416 awsfile rm Command Injection Remote Code Execution Vulnerability

ZDI-23-1811: BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability

News, Advisories and much more