VulInfo

These are the vulnerabilities discovered by Galaxy Lab.

D-Link

DIR-846

• CVE-2018-16408: Remote code execution. Credit: bigbear
• CVE-2018-16823:Remote code execution. Credit: bigbear
• CVE-2018-16830:Change admin password. Credit: bigbear
• CVE-2018-16824:Turn off verification. Credit: bigbear
• CVE-2018-16828:Unauthorized syslog file download. Credit: bigbear
• CVE-2018-16827:Unauthorized config file download. Credit: bigbear
• CVE-2018-16825:Unauthorized config file upload. Credit: bigbear
• CVE-2018-16826:Unauthorized firmware upload. Credit: bigbear
• CVE-2018-16829:Unauthorized change admin password. Credit: bigbear

DIR-816

• CVE-2018-17066: Command injection. Credit: nabla
• CVE-2018-17068: Command injection. Credit: nabla
• CVE-2018-17064: Command injection. Credit: nabla
• CVE-2018-17063: Command injection. Credit: nabla
• CVE-2018-17067: Stack overflow. Credit: nabla
• CVE-2018-17065: Stack overflow. Credit: nabla
• CVE-2019-10041: Edit System Account Without Authentication. Credit: lbp
• CVE-2019-10039: Edit Web And System Account Without Authentication. Credit: lbp
• CVE-2019-10040: Remote Command Execute. Credit: lbp
• CVE-2019-10042: Reset Router Without Authentication. Credit: lbp

ASUS

GT-AC5300

• CVE-2018-17020:Denial of Service. Credit: bigbear
• CVE-2018-17021:Cross Site Scripting. Credit: bigbear
• CVE-2018-17022:Stack overflow. Credit: bigbear
• CVE-2018-17023:Cross-site request forgery. Credit: bigbear
• CVE-2018-17127: NULL Dereference. Credit: nabla

SMARTY

• CVE-2018-16831:Directory Traversal. Credit: bigbear

TP-Link

WR886N

• CVE-2018-17004:Denial of Service. Credit: lbp
• CVE-2018-17005:Denial of Service. Credit: lbp
• CVE-2018-17006:Denial of Service. Credit: lbp
• CVE-2018-17007:Denial of Service. Credit: lbp
• CVE-2018-17008:Denial of Service. Credit: lbp
• CVE-2018-17009:Denial of Service. Credit: lbp
• CVE-2018-17010:Denial of Service. Credit: lbp
• CVE-2018-17011:Denial of Service. Credit: lbp
• CVE-2018-17012:Denial of Service. Credit: lbp
• CVE-2018-17013:Denial of Service. Credit: lbp
• CVE-2018-17014:Denial of Service. Credit: lbp
• CVE-2018-17015:Denial of Service. Credit: lbp
• CVE-2018-17016:Denial of Service. Credit: lbp
• CVE-2018-17017:Denial of Service. Credit: lbp
• CVE-2018-17018:Denial of Service. Credit: lbp
• CVE-2018-19528:Buff Overflow. Credit: lbp

MiWifi

ALL

• CVE-2018-17424:Command Injection. Credit: GToad
• CVE-2018-17853:Command Injection. Credit: GToad
• CVE-2018-18067:Command Injection. Credit: GToad
• CVE-2018-17453:Command Injection. Credit: GToad
• CVE-2018-18421:Command Injection. Credit: GToad
• CVE-2018-18522:Command Injection. Credit: GToad
• CVE-2018-18523:Command Injection. Credit: GToad
• CVE-2018-18549:Command Injection. Credit: GToad

Pippo

ALL

• CVE-2017-18349:CWE-502: Deserialization of Untrusted Data. Credit: JayZhang
• CVE-2018-18240:CWE-502: Deserialization of Untrusted Data. Credit: JayZhang
• CVE-2018-18628:CWE-502: Deserialization of Untrusted Data. Credit: JayZhang

httl

ALL

• CVE-2018-19530:CWE-502: Deserialization of Untrusted Data. Credit: bigbear
• CVE-2018-19531:CWE-502: Deserialization of Untrusted Data. Credit: bigbear