Multiple SQL injection vulnerabilities in D-Link DSR-Routers

Overview :
Multiple SQL injection vulnerabilities in D-Link DSR Routers
Affected Product(s) :
  • D-Link DSR-150 (Firmware < v1.08B44)
  • D-Link DSR-150N (Firmware < v1.05B64)
  • D-Link DSR-250 and DSR-250N (Firmware < v1.08B44)
  • D-Link DSR-500 and DSR-500N (Firmware < v1.08B77)
  • D-Link DSR-1000 and DSR-1000N (Firmware < v1.08B77)

 

Vulnerability Details :
CVE ID : CVE-2013-5945
Authentication Bypass by SQL-Injection
CVE ID : CVE-2013-59456
Privilege Escalation by Arbitrary Command Execution

Solution :

latest firmware update will fix the attack.

 

 

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2022-1840 : Home Clean Services Management System Stored Cross-Site Scripting (XSS)

CVE-2022-1840 : Home Clean Services Management System Stored Cross-Site Scripting (XSS)

Description Persistent XSS (or Stored XSS) attack is one of the three major categories of XSS attacks, the others being

CVE-2022-1558 : Multiple Stored Cross-Site Scripting vulnerabilities in WordPress curtain plugin 1.0.2

CVE-2022-1558 : Multiple Stored Cross-Site Scripting vulnerabilities in WordPress curtain plugin 1.0.2

Description Several Cross-Site Scripting vulnerabilities in the Curtain WordPress plugin. Due to these Cross-Site Scripting vulnerabilities, an attacker would be

CVE-2022-AVAST2 : Self-Defense Bypass via Repairing Function

CVE-2022-AVAST2 : Self-Defense Bypass via Repairing Function

Description It was noted that there is security checking to prevent some of the Avast processes from loading of undesired/unsigned