doudoudedi

5 exploits Active since Feb 2020
CVE-2020-0014 NOMISEC MEDIUM WORKING POC
Android 8.0-10 - Unauthenticated Privilege Escalation via TYPE_TOAST Window Injection
It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-128674520
CVSS 5.5
CVE-2021-39509 WRITEUP CRITICAL WRITEUP
D-Link DIR-816 A2 Firmware 1.10CNB05_R1B011D88210 - OS Command Injection via form2userconfig.cgi Username Parameter
An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210 The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. This can lead to command injection through shell metacharacters.
CVSS 9.8
CVE-2021-39509 WRITEUP CRITICAL WORKING POC
D-Link DIR-816 A2 Firmware 1.10CNB05_R1B011D88210 - OS Command Injection via form2userconfig.cgi Username Parameter
An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210 The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. This can lead to command injection through shell metacharacters.
CVSS 9.8
CVE-2021-39510 WRITEUP CRITICAL WORKING POC
D-Link DIR-816 A1 FW101CNB04 - OS Command Injection via form2userconfig.cgi Username Parameter
An issue was discovered in D-Link DIR816_A1_FW101CNB04 750m11ac wireless router, The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. This can lead to command injection through shell metacharacters.
CVSS 9.8
CVE-2021-45382 WRITEUP CRITICAL WRITEUP
D-Link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, DIR-836L - Remote Code Execution via DDNS Function
A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file. Note: DIR-810L, DIR-820L, DIR-830L, DIR-826L, DIR-836L, all hardware revisions, have reached their End of Life ("EOL") /End of Service Life ("EOS") Life-Cycle and as such this issue will not be patched.
CVSS 9.8