CVE-2022-38873

HIGH Year: 2022
CVSS v3 Score
7.5
High
Weakness Type
CWE-345
View all →

Vulnerability Description

D-Link devices DAP-2310 v2.10rc036 and earlier, DAP-2330 v1.06rc020 and earlier, DAP-2360 v2.10rc050 and earlier, DAP-2553 v3.10rc031 and earlier, DAP-2660 v1.15rc093 and earlier, DAP-2690 v3.20rc106 and earlier, DAP-2695 v1.20rc119_beta31 and earlier, DAP-3320 v1.05rc027 beta and earlier, DAP-3662 v1.05rc047 and earlier allows attackers to cause a Denial of Service (DoS) via uploading a crafted firmware after modifying the firmware header.

Related Vulnerabilities

CVE-2015-5236

HIGH
CVSS:7.5(High)

It was discovered that the IcedTea-Web used codebase attribute of the <applet> tag on the HTML page that hosts Java applet in the Same Origin Policy (SOP) checks. As the specified codebase does not ha...

CWE-3452015

CVE-2015-7539

HIGH
CVSS:7.5(High)

The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to e...

CWE-3452015

CVE-2016-1493

HIGH
CVSS:7.5(High)

Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file.

CWE-3452016

CVE-2016-3983

HIGH
CVSS:7.5(High)

McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow remote attackers to bypass malware detection by leveraging information about the parent process.

CWE-3452016

CVE-2016-9450

HIGH
CVSS:7.5(High)

The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context.

CWE-3452016

CVE-2017-10624

HIGH
CVSS:7.5(High)

Insufficient verification of node certificates in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to make unauthorized modifications to Space database or add nodes. Affecte...

CWE-3452017