Vulnerabilities (CVE)

Filtered by vendor Dlink Subscribe
Total 841 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-9557 1 Dlink 2 Dir-605l, Dir-605l Firmware 2024-10-08 9.0 HIGH 8.8 HIGH
A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This vulnerability affects the function formSetWanPPPoE of the file /goform/formSetWanPPPoE. The manipulation of the argument webpage leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-9556 1 Dlink 2 Dir-605l, Dir-605l Firmware 2024-10-08 9.0 HIGH 8.8 HIGH
A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. This affects the function formSetEnableWizard of the file /goform/formSetEnableWizard. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-9558 1 Dlink 2 Dir-605l, Dir-605l Firmware 2024-10-08 9.0 HIGH 8.8 HIGH
A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formSetWanPPTP of the file /goform/formSetWanPPTP. The manipulation of the argument webpage leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-9555 1 Dlink 2 Dir-605l, Dir-605l Firmware 2024-10-08 9.0 HIGH 8.8 HIGH
A vulnerability, which was classified as critical, has been found in D-Link DIR-605L 2.13B01 BETA. Affected by this issue is the function formSetEasy_Wizard of the file /goform/formSetEasy_Wizard. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-25280 1 Dlink 2 Dir820la1, Dir820la1 Firmware 2024-10-07 N/A 9.8 CRITICAL
OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp.
CVE-2023-43242 1 Dlink 2 Dir-816a2, Dir-816a2 Firmware 2024-09-25 N/A 9.8 CRITICAL
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter removeRuleList in form2IPQoSTcDel.
CVE-2023-43239 1 Dlink 2 Dir-816 A2, Dir-816 A2 Firmware 2024-09-25 N/A 9.8 CRITICAL
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter flag_5G in showMACfilterMAC.
CVE-2023-43238 1 Dlink 2 Dir-816 A2, Dir-816 A2 Firmware 2024-09-25 N/A 9.8 CRITICAL
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter nvmacaddr in form2Dhcpip.cgi.
CVE-2023-43237 1 Dlink 2 Dir-816 A2, Dir-816 A2 Firmware 2024-09-25 N/A 9.8 CRITICAL
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter macCloneMac in setMAC.
CVE-2023-43236 1 Dlink 2 Dir-816 A2, Dir-816 A2 Firmware 2024-09-25 N/A 9.8 CRITICAL
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter statuscheckpppoeuser in dir_setWanWifi.
CVE-2023-43207 1 Dlink 2 Dwl-6610ap, Dwl-6610ap Firmware 2024-09-25 N/A 9.8 CRITICAL
D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function config_upload_handler. This vulnerability allows attackers to execute arbitrary commands via the configRestore parameter.
CVE-2023-43206 1 Dlink 2 Dwl-6610ap, Dwl-6610ap Firmware 2024-09-25 N/A 9.8 CRITICAL
D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function web_cert_download_handler. This vulnerability allows attackers to execute arbitrary commands via the certDownload parameter.
CVE-2023-43204 1 Dlink 2 Dwl-6610ap, Dwl-6610ap Firmware 2024-09-25 N/A 9.8 CRITICAL
D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function sub_2EF50. This vulnerability allows attackers to execute arbitrary commands via the manual-time-string parameter.
CVE-2023-43203 1 Dlink 2 Dwl-6610ap, Dwl-6610ap Firmware 2024-09-25 N/A 9.8 CRITICAL
D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a stack overflow vulnerability in the function update_users.
CVE-2023-43202 1 Dlink 2 Dwl-6610ap, Dwl-6610ap Firmware 2024-09-25 N/A 9.8 CRITICAL
D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function pcap_download_handler. This vulnerability allows attackers to execute arbitrary commands via the update.device.packet-capture.tftp-file-name parameter.
CVE-2023-43862 1 Dlink 2 Dir-619l, Dir-619l Firmware 2024-09-23 N/A 7.5 HIGH
D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formLanguageChange function.
CVE-2024-9004 1 Dlink 2 Dar-7000, Dar-7000 Firmware 2024-09-23 6.5 MEDIUM 9.8 CRITICAL
A vulnerability classified as critical has been found in D-Link DAR-7000 up to 20240912. Affected is an unknown function of the file /view/DBManage/Backup_Server_commit.php. The manipulation of the argument host leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2024-45696 1 Dlink 4 Covr-x1870, Covr-x1870 Firmware, Dir-x4860 and 1 more 2024-09-19 N/A 8.8 HIGH
Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the telnet service and log in using hard-coded credentials. The telnet service enabled through this method can only be accessed from within the same local network as the device.
CVE-2024-45697 1 Dlink 2 Dir-x4860, Dir-x4860 Firmware 2024-09-19 N/A 9.8 CRITICAL
Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote attackers can log in and execute OS commands using hard-coded credentials.
CVE-2023-44832 1 Dlink 2 Dir-823g, Dir-823g Firmware 2024-09-19 N/A 7.5 HIGH
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the MacAddress parameter in the SetWanSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.