NVD disclosure day

Published threat advisories for November 4, 2021

CVE advisoryCRITICAL

CVE-2020-25368

D-Link DIR-823G Command Injection via HNAP1 Protocol

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A command injection vulnerability exists in the HNAP1 protocol of D-Link DIR-823G devices. Attackers can exploit this flaw via the login function to execute arbitrary commands by sending specially crafted requests over the network. This could lead to a compromise of the device's confidentiality, integrity, and availabi

CVE advisoryCRITICAL

CVE-2020-25366

D-Link DIR-823G Firmware Upload Denial of Service

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A denial-of-service vulnerability exists in a D-Link router's firmware upload component, potentially disrupting network services. Reachable without authentication, this issue could impact device availability. Security and network teams should identify affected devices and assess exposure.

CVE advisoryCRITICAL

CVE-2020-25367

D-Link DIR-823G HNAP1 Command Injection

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A command injection vulnerability in the HNAP1 protocol of D-Link DIR-823G devices allows unauthenticated attackers to execute arbitrary commands by sending malicious input via the Captcha field. This could lead to the execution of arbitrary web scripts on affected devices, posing a significant security risk due to its