David Chen

6 exploits Active since Jan 2019
CVE-2019-7297 WRITEUP CRITICAL WRITEUP
D-Link DIR-823G <1.02B03 - Command Injection
An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via shell metacharacters in a crafted /HNAP1 request. This occurs when the GetNetworkTomographyResult function calls the system function with an untrusted input parameter named Address. Consequently, an attacker can execute any command remotely when they control this input.
CVSS 9.8
CVE-2019-7298 WRITEUP HIGH WRITEUP
D-Link DIR-823G <1.02B03 - Command Injection
An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body, such as a body of ' /bin/telnetd' for the GetDeviceSettingsset API function. Consequently, an attacker can execute any command remotely when they control this input.
CVSS 8.1
CVE-2019-7388 WRITEUP HIGH WRITEUP
D-Link DIR-823G <1.02B03 - Info Disclosure
An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to get sensitive information (such as MAC address) about all clients in the WLAN via the GetClientInfo HNAP API. Consequently, an attacker can achieve information disclosure without authentication.
CVSS 7.5
CVE-2019-7389 WRITEUP HIGH WRITEUP
D-Link DIR-823G <1.02B03 - DoS
An issue was discovered in /bin/goahead on D-Link DIR-823G devices with the firmware 1.02B03. There is incorrect access control allowing remote attackers to reset the router without authentication via the SetFactoryDefault HNAP API. Consequently, an attacker can achieve a denial-of-service attack without authentication.
CVSS 7.5
CVE-2019-7390 WRITEUP HIGH WRITEUP
D-Link DIR-823G <1.02B03 - SSRF
An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to hijack the DNS service configuration of all clients in the WLAN, without authentication, via the SetWanSettings HNAP API.
CVSS 8.6
CVE-2019-8392 WRITEUP HIGH WRITEUP
D-Link DIR-823G <1.02B03 - RCE
An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to enable Guest Wi-Fi via the SetWLanRadioSettings HNAP API to the web service provided by /bin/goahead.
CVSS 7.5