Filtered by vendor Dlink
Subscribe
Total
719 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-34974 | 1 Dlink | 2 Dir820la1, Dir820la1 Firmware | 2024-02-04 | N/A | 9.8 CRITICAL |
D-Link DIR810LA1_FW102B22 was discovered to contain a command injection vulnerability via the Ping_addr function. | |||||
CVE-2021-42627 | 1 Dlink | 8 Dir-615, Dir-615 Firmware, Dir-615 J1 and 5 more | 2024-02-04 | N/A | 9.8 CRITICAL |
The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication which can lead to disclose the information about WAN settings and also leverage attacker to modify the data fields of page. | |||||
CVE-2022-34527 | 1 Dlink | 2 Dsl-3782, Dsl-3782 Firmware | 2024-02-04 | N/A | 8.8 HIGH |
D-Link DSL-3782 v1.03 and below was discovered to contain a command injection vulnerability via the function byte_4C0160. | |||||
CVE-2022-37130 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-02-04 | N/A | 9.8 CRITICAL |
In D-Link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img a command injection vulnerability occurs in /goform/Diagnosis, after the condition is met, setnum will be spliced into v10 by snprintf, and the system will be executed, resulting in a command injection vulnerability | |||||
CVE-2022-43003 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-02-04 | N/A | 9.8 CRITICAL |
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setRepeaterSecurity function. | |||||
CVE-2022-35620 | 1 Dlink | 2 Dir-818l, Dir-818l Firmware | 2024-02-04 | N/A | 9.8 CRITICAL |
D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function binary.soapcgi_main. | |||||
CVE-2022-28901 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
A command injection vulnerability in the component /SetTriggerLEDBlink/Blink of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. | |||||
CVE-2022-27292 | 1 Dlink | 2 Dir-619, Dir-619 Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formLanguageChange. This vulnerability allows attackers to cause a Denial of Service (DoS) via the nextPage parameter. | |||||
CVE-2022-27290 | 1 Dlink | 2 Dir-619, Dir-619 Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanDhcpplus. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter. | |||||
CVE-2022-29321 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the lanip parameter in /goform/setNetworkLan. | |||||
CVE-2022-28956 | 1 Dlink | 2 Dir-816l, Dir-816l Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payload. | |||||
CVE-2022-1262 | 1 Dlink | 20 Dir-1360, Dir-1360 Firmware, Dir-1760 and 17 more | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root. | |||||
CVE-2022-28915 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in /goform/setSysAdm. | |||||
CVE-2022-28895 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. | |||||
CVE-2022-28571 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2024-02-04 | 5.8 MEDIUM | 9.8 CRITICAL |
D-link 882 DIR882A1_FW130B06 was discovered to contain a command injection vulnerability in`/usr/bin/cli. | |||||
CVE-2022-25106 | 1 Dlink | 4 Dir-859, Dir-859 A3, Dir-859 A3 Firmware and 1 more | 2024-02-04 | 7.1 HIGH | 5.5 MEDIUM |
D-Link DIR-859 v1.05 was discovered to contain a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. | |||||
CVE-2021-46381 | 1 Dlink | 2 Dap-1620, Dap-1620 Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized internal files reading [/etc/passwd] and [/etc/shadow]. | |||||
CVE-2022-29327 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the urladd parameter in /goform/websURLFilterAddDel. | |||||
CVE-2021-46314 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
A Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetNetworkTomographySettings.php of D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin because backticks can be used for command injection when judging whether it is a reasonable domain name. | |||||
CVE-2021-44127 | 1 Dlink | 2 Dap-1360, Dap-1360f1 Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
In DLink DAP-1360 F1 firmware version <=v6.10 in the "webupg" binary, an attacker can use the "file" parameter to execute arbitrary system commands when the parameter is "name=deleteFile" after being authorized. |