Yangyi

8 exploits Active since Jan 2024
CVE-2023-51984 WRITEUP CRITICAL WRITEUP
D-Link DIR-822+ V1.0.2 - Command Injection
D-Link DIR-822+ V1.0.2 was found to contain a command injection in SetStaticRouteSettings function. allows remote attackers to execute arbitrary commands via shell.
CVSS 9.8
CVE-2023-51987 WRITEUP CRITICAL WRITEUP
D-Link DIR-822+ V1.0.2 - Auth Bypass
D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords.
CVSS 9.8
CVE-2024-22942 WRITEUP CRITICAL WRITEUP
TOTOLINK A3300R V17.0.0cu.557_B20221024 - Command Injection
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function.
CVSS 9.8
CVE-2024-23057 WRITEUP CRITICAL WRITEUP
TOTOLINK A3300R V17.0.0cu.557_B20221024 - OS Command Injection via setNtpCfg tz Parameter
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function.
CVSS 9.8
CVE-2024-23058 WRITEUP CRITICAL WRITEUP
TOTOLINK A3300R V17.0.0cu.557_B20221024 - OS Command Injection via setTr069Cfg Pass Parameter
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function.
CVSS 9.8
CVE-2024-23059 WRITEUP CRITICAL WRITEUP
TOTOLINK A3300R V17.0.0cu.557_B20221024 - OS Command Injection via setDdnsCfg Username Parameter
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function.
CVSS 9.8
CVE-2024-23060 WRITEUP CRITICAL WRITEUP
TOTOLINK A3300R V17.0.0cu.557_B20221024 - OS Command Injection via setDmzCfg ip Parameter
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function.
CVSS 9.8
CVE-2024-23061 WRITEUP CRITICAL WRITEUP
TOTOLINK A3300R V17.0.0cu.557_B20221024 - OS Command Injection via setScheduleCfg Minute Parameter
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function.
CVSS 9.8