Vulnerabilities (CVE)

Filtered by vendor Dlink Subscribe
Total 841 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-44837 1 Dlink 2 Dir-823g, Dir-823g Firmware 2024-09-19 N/A 7.5 HIGH
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Password parameter in the SetWanSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2023-44836 1 Dlink 2 Dir-823g, Dir-823g Firmware 2024-09-19 N/A 7.5 HIGH
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the SSID parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2023-44835 1 Dlink 2 Dir-823g, Dir-823g Firmware 2024-09-19 N/A 7.5 HIGH
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Mac parameter in the SetParentsControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2023-44834 1 Dlink 2 Dir-823g, Dir-823g Firmware 2024-09-19 N/A 7.5 HIGH
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the StartTime parameter in the SetParentsControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2023-44833 1 Dlink 2 Dir-823g, Dir-823g Firmware 2024-09-19 N/A 7.5 HIGH
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the GuardInt parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2023-44959 1 Dlink 2 Dsl-3782, Dsl-3782 Firmware 2024-09-18 N/A 8.8 HIGH
An issue found in D-Link DSL-3782 v.1.03 and before allows remote authenticated users to execute arbitrary code as root via the Router IP Address fields of the network settings page.
CVE-2024-45695 1 Dlink 2 Dir-x4860, Dir-x4860 Firmware 2024-09-17 N/A 9.8 CRITICAL
The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device.
CVE-2024-45694 1 Dlink 4 Dir-x4860, Dir-x4860 Firmware, Dir-x5460 and 1 more 2024-09-17 N/A 9.8 CRITICAL
The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device.
CVE-2024-44375 1 Dlink 2 Di-8100, Di-8100 Firmware 2024-09-17 N/A 7.5 HIGH
D-Link DI-8100 v16.07.26A1 has a stack overflow vulnerability in the dbsrv_asp function.
CVE-2023-44809 1 Dlink 2 Dir-820l, Dir-820l Firmware 2024-09-17 N/A 9.8 CRITICAL
D-Link device DIR-820L 1.05B03 is vulnerable to Insecure Permissions.
CVE-2023-46033 1 Dlink 4 Dsl-2730u, Dsl-2730u Firmware, Dsl-2750u and 1 more 2024-09-12 N/A 6.8 MEDIUM
D-Link (Non-US) DSL-2750U N300 ADSL2+ and (Non-US) DSL-2730U N150 ADSL2+ are vulnerable to Incorrect Access Control. The UART/Serial interface on the PCB, provides log output and a root terminal without proper access control.
CVE-2024-8461 1 Dlink 2 Dns-320, Dns-320 Firmware 2024-09-12 5.0 MEDIUM 5.3 MEDIUM
A vulnerability, which was classified as problematic, was found in D-Link DNS-320 2.02b01. This affects an unknown part of the file /cgi-bin/discovery.cgi of the component Web Management Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.
CVE-2024-44401 1 Dlink 2 Di-8100g, Di-8100g Firmware 2024-09-12 N/A 9.8 CRITICAL
D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via sub47A60C function in the upgrade_filter.asp file
CVE-2024-7436 1 Dlink 2 Di-8100, Di-8100 Firmware 2024-09-11 6.5 MEDIUM 8.8 HIGH
A vulnerability, which was classified as critical, has been found in D-Link DI-8100 16.07. This issue affects the function msp_info_htm of the file msp_info.htm. The manipulation of the argument cmd leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273521 was assigned to this vulnerability.
CVE-2024-22651 1 Dlink 2 Dir-815, Dir-815 Firmware 2024-09-10 N/A 9.8 CRITICAL
There is a command injection vulnerability in the ssdpcgi_main function of cgibin binary in D-Link DIR-815 router firmware v1.04.
CVE-2024-44410 1 Dlink 2 Di-8300, Di-8300 Firmware 2024-09-10 N/A 9.8 CRITICAL
D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function.
CVE-2024-44408 1 Dlink 2 Dir-823g, Dir-823g Firmware 2024-09-10 N/A 7.5 HIGH
D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to Information Disclosure. The device allows unauthorized configuration file downloads, and the downloaded configuration files contain plaintext user passwords.
CVE-2024-44402 1 Dlink 2 Di-8100g, Di-8100g Firmware 2024-09-10 N/A 9.8 CRITICAL
D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via msp_info.htm.
CVE-2024-8460 1 Dlink 2 Dns-320, Dns-320 Firmware 2024-09-06 2.6 LOW 5.9 MEDIUM
A vulnerability, which was classified as problematic, has been found in D-Link DNS-320 2.02b01. Affected by this issue is some unknown functionality of the file /cgi-bin/widget_api.cgi of the component Web Management Interface. The manipulation of the argument getHD/getSer/getSys leads to information disclosure. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.
CVE-2024-44342 1 Dlink 2 Dir-846w, Dir-846w Firmware 2024-08-30 N/A 9.8 CRITICAL
D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the wl(0).(0)_ssid parameter. This vulnerability is exploited via a crafted POST request.