A remote attacker could exploit this vulnerability to gain access to the system and take control of it. A fix was released by D-Link and it comes with the software version v1.08.
CVE-2018-7088 D-Link COVR v1.08 is vulnerable to a command injection bug that could allow attackers to execute arbitrary code on the device. The issue is discovered in the Tomography Settings set through the HTTP RPC. An attacker can exploit a remote code execution flaw in the software by sending a specially crafted request to the device. A successful exploit could allow an attacker to take complete control of an affected device remotely. D-Link has released a patch for this vulnerability and it comes with the software version v1.08.
CVE-2018-7089 D-Link COVR v1.08 is vulnerable to a command injection bug that could allow attackers to execute arbitrary code on the device. The issue is discovered in the Tomography Settings set through the HTTP RPC. An attacker can exploit a remote code execution flaw in the software by sending a specially crafted request to the device. A successful exploit could allow an attacker to take complete control of an affected device remotely. D-Link has released a patch for this vulnerability and it comes with the software version v1.08.
CVE-2018-7090 D-Link COVR v1.08 is vulnerable to a command injection bug that could allow attackers to execute arbitrary code on the device. The
D-Link DNS-327 Securifi Almond v2.4 is vulnerable to multiple remote code execution bugs due to several buffer overflow vulnerabilities. The issue is discovered in the Almond software, which could allow an attacker to execute arbitrary code on the device remotely. D-Link has released a patch for this vulnerability and it comes with the software version v2.4.
CVE-2018-7091 D-Link COVR v1.08 is vulnerable to a command injection bug that could allow attackers to execute arbitrary code on the device. The issue is discovered in the Tomography Settings set through the HTTP RPC. An attacker can exploit a remote code execution flaw in the software by sending a specially crafted request to the device. A successful exploit could allow an attacker to take complete control of an affected device remotely. D-Link has released a patch for this vulnerability and it comes with the software version v1.08
Timeline
Published on: 10/13/2022 19:15:00 UTC
Last modified on: 10/18/2022 12:22:00 UTC