24h | 7d | 30d

CVE-2009-2765

Overview

  • Pending
14 Aug 2009
Published
07 Aug 2024
Updated
CVSS
Pending
EPSS
92.26%
KEV

Description

httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other versions before build 12533, allows remote attackers to execute arbitrary commands via shell metacharacters in a request to a cgi-bin/ URI.

Statistics

  • 1 Post
Last activity: 19 hours ago

Fediverse

Profile picture
ekiledjian @edwardk

Botnet takes advantage of AWS outage to hit 28 countries
theregister.com/2025/11/26/mir

A Mirai-based botnet known as ShadowV2 surfaced during last October’s large-scale AWS outage, compromising IoT devices across multiple sectors and regions. Fortinet’s FortiGuard Labs suggests the activity may have been a “test run” for future, more disruptive campaigns.

Once the malware infiltrates vulnerable devices, it assembles them into a distributed network that can be remotely controlled to execute large-scale operations, including distributed denial-of-service (DDoS) attacks.

The botnet spread by exploiting several vulnerabilities affecting devices from multiple vendors, including:
• DD-WRT: CVE-2009-2765
• D-Link: CVE-2020-25506, CVE-2022-37055, CVE-2024-10914, CVE-2024-10915
• DigiEver: CVE-2023-52163
• TBK: CVE-2024-3721
• TP-Link: CVE-2024-53375

These details were outlined by Fortinet antivirus analyst Vincent Li in a Wednesday blog post.

  • 0
  • 0
  • 0
  • 19h ago

CVE-2024-10914

Overview

  • D-Link
  • DNS-320
06 Nov 2024
Published
24 Nov 2024
Updated
CVSS v4.0
CRITICAL (9.2)
EPSS
93.12%
KEV

Description

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument name leads to os command injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

Statistics

  • 1 Post
Last activity: 19 hours ago

Fediverse

Profile picture
ekiledjian @edwardk

Botnet takes advantage of AWS outage to hit 28 countries
theregister.com/2025/11/26/mir

A Mirai-based botnet known as ShadowV2 surfaced during last October’s large-scale AWS outage, compromising IoT devices across multiple sectors and regions. Fortinet’s FortiGuard Labs suggests the activity may have been a “test run” for future, more disruptive campaigns.

Once the malware infiltrates vulnerable devices, it assembles them into a distributed network that can be remotely controlled to execute large-scale operations, including distributed denial-of-service (DDoS) attacks.

The botnet spread by exploiting several vulnerabilities affecting devices from multiple vendors, including:
• DD-WRT: CVE-2009-2765
• D-Link: CVE-2020-25506, CVE-2022-37055, CVE-2024-10914, CVE-2024-10915
• DigiEver: CVE-2023-52163
• TBK: CVE-2024-3721
• TP-Link: CVE-2024-53375

These details were outlined by Fortinet antivirus analyst Vincent Li in a Wednesday blog post.

  • 0
  • 0
  • 0
  • 19h ago

CVE-2020-25506

Overview

  • Pending
02 Feb 2021
Published
21 Oct 2025
Updated
CVSS
Pending
EPSS
93.55%
KEV

Description

D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code execution.

Statistics

  • 1 Post
Last activity: 19 hours ago

Fediverse

Profile picture
ekiledjian @edwardk

Botnet takes advantage of AWS outage to hit 28 countries
theregister.com/2025/11/26/mir

A Mirai-based botnet known as ShadowV2 surfaced during last October’s large-scale AWS outage, compromising IoT devices across multiple sectors and regions. Fortinet’s FortiGuard Labs suggests the activity may have been a “test run” for future, more disruptive campaigns.

Once the malware infiltrates vulnerable devices, it assembles them into a distributed network that can be remotely controlled to execute large-scale operations, including distributed denial-of-service (DDoS) attacks.

The botnet spread by exploiting several vulnerabilities affecting devices from multiple vendors, including:
• DD-WRT: CVE-2009-2765
• D-Link: CVE-2020-25506, CVE-2022-37055, CVE-2024-10914, CVE-2024-10915
• DigiEver: CVE-2023-52163
• TBK: CVE-2024-3721
• TP-Link: CVE-2024-53375

These details were outlined by Fortinet antivirus analyst Vincent Li in a Wednesday blog post.

  • 0
  • 0
  • 0
  • 19h ago

CVE-2023-52163

Overview

  • Pending
03 Feb 2025
Published
05 Feb 2025
Updated
CVSS
Pending
EPSS
0.15%
KEV

Description

Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Command Injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Statistics

  • 1 Post
Last activity: 19 hours ago

Fediverse

Profile picture
ekiledjian @edwardk

Botnet takes advantage of AWS outage to hit 28 countries
theregister.com/2025/11/26/mir

A Mirai-based botnet known as ShadowV2 surfaced during last October’s large-scale AWS outage, compromising IoT devices across multiple sectors and regions. Fortinet’s FortiGuard Labs suggests the activity may have been a “test run” for future, more disruptive campaigns.

Once the malware infiltrates vulnerable devices, it assembles them into a distributed network that can be remotely controlled to execute large-scale operations, including distributed denial-of-service (DDoS) attacks.

The botnet spread by exploiting several vulnerabilities affecting devices from multiple vendors, including:
• DD-WRT: CVE-2009-2765
• D-Link: CVE-2020-25506, CVE-2022-37055, CVE-2024-10914, CVE-2024-10915
• DigiEver: CVE-2023-52163
• TBK: CVE-2024-3721
• TP-Link: CVE-2024-53375

These details were outlined by Fortinet antivirus analyst Vincent Li in a Wednesday blog post.

  • 0
  • 0
  • 0
  • 19h ago
Showing 31 to 34 of 34 CVEs