SB2023122131 - Multiple vulnerabilities in D-Link G416
Published: December 21, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 20 secuirty vulnerabilities.
1) OS Command Injection (CVE-ID: CVE-2023-50217)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the awsfile rm function within the HTTP service. A remote unauthenticated attacker on the local network can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
2) Missing Authentication for Critical Function (CVE-ID: CVE-2023-50199)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to missing authentication for critical function in httpd function. A remote attacker on the local network can gain access to critical functions on the device.
3) OS Command Injection (CVE-ID: CVE-2023-50200)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the cfgsave backusb function within the HTTP service. A remote unauthenticated attacker on the local network can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
4) OS Command Injection (CVE-ID: CVE-2023-50201)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the cfgsave upusb function within the HTTP service. A remote unauthenticated attacker on the local network can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
5) OS Command Injection (CVE-ID: CVE-2023-50198)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the cfgsave function within the HTTP service. A remote unauthenticated attacker on the local network can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
6) OS Command Injection (CVE-ID: CVE-2023-50202)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the flupl pythonmodules function within the HTTP service. A remote unauthenticated attacker on the local network can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
7) OS Command Injection (CVE-ID: CVE-2023-50203)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the nodered chmod function within the HTTP service. A remote unauthenticated attacker on the local network can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
8) OS Command Injection (CVE-ID: CVE-2023-50204)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the flupl pythonapp function within the HTTP service. A remote unauthenticated attacker on the local network can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
9) OS Command Injection (CVE-ID: CVE-2023-50205)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in awsfile chmod function within the HTTP service. A remote unauthenticated attacker on the local network can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
10) OS Command Injection (CVE-ID: CVE-2023-50206)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in flupl query_type edit function within the HTTP service. A remote unauthenticated attacker on the local network can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
11) OS Command Injection (CVE-ID: CVE-2023-50207)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in flupl filename command within the HTTP service. A remote unauthenticated attacker on the local network can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
12) Stack-based buffer overflow (CVE-ID: CVE-2023-50208)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the ovpncfg function within the HTTP service. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
13) Stack-based buffer overflow (CVE-ID: CVE-2023-50209)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the cfgsave function within the HTTP service. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
14) Stack-based buffer overflow (CVE-ID: CVE-2023-50210)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in httpd API-AUTH Digest function within the HTTP service. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
15) Stack-based buffer overflow (CVE-ID: CVE-2023-50211)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in httpd API-AUTH Timestamp Processing function within the HTTP service. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
16) Improper handling of exceptional conditions (CVE-ID: CVE-2023-50212)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to improper handling of errors in the httpd function within the HTTP service. A remote attacker on the local network can send specially crafted input and gain access to restricted information.
17) OS Command Injection (CVE-ID: CVE-2023-50213)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the nodered function within the HTTP service. A remote unauthenticated attacker on the local network can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
18) OS Command Injection (CVE-ID: CVE-2023-50214)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the nodered tar function within the HTTP service. A remote unauthenticated attacker on the local network can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
19) OS Command Injection (CVE-ID: CVE-2023-50215)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the nodered gz function within the HTTP service. A remote unauthenticated attacker on the local network can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
20) OS Command Injection (CVE-ID: CVE-2023-50216)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the awsfile tar function within the HTTP service. A remote unauthenticated attacker on the local network can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install update from vendor's website.
References
- https://www.zerodayinitiative.com/advisories/ZDI-23-1833/
- https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10367
- https://www.zerodayinitiative.com/advisories/ZDI-23-1815/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1816/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1817/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1814/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1818/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1819/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1820/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1821/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1822/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1823/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1824/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1825/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1826/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1827/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1828/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1829/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1830/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1831/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1832/