Filtered by vendor Dlink
Subscribe
Total
719 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-44127 | 1 Dlink | 2 Dap-1360, Dap-1360f1 Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
In DLink DAP-1360 F1 firmware version <=v6.10 in the "webupg" binary, an attacker can use the "file" parameter to execute arbitrary system commands when the parameter is "name=deleteFile" after being authorized. | |||||
CVE-2022-27289 | 1 Dlink | 2 Dir-619, Dir-619 Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanL2TP. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter. | |||||
CVE-2021-45382 | 1 Dlink | 12 Dir-810l, Dir-810l Firmware, Dir-820l and 9 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file. Note: DIR-810L, DIR-820L, DIR-830L, DIR-826L, DIR-836L, all hardware revisions, have reached their End of Life ("EOL") /End of Service Life ("EOS") Life-Cycle and as such this issue will not be patched. | |||||
CVE-2021-43722 | 1 Dlink | 2 Dir-645, Dir-645 Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnap_main function in the cgibin handler uses sprintf to format the soapaction header onto the stack and has no limit on the size. | |||||
CVE-2022-27294 | 1 Dlink | 2 Dir-619, Dir-619 Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formWlanWizardSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter. | |||||
CVE-2021-46353 | 1 Dlink | 2 Dir-x1860, Dir-x1860 Firmware | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
An information disclosure in web interface in D-Link DIR-X1860 before 1.03 RevA1 allows a remote unauthenticated attacker to send a specially crafted HTTP request and gain knowledge of different absolute paths that are being used by the web application. | |||||
CVE-2022-29324 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the proto parameter in /goform/form2IPQoSTcAdd. | |||||
CVE-2022-27291 | 1 Dlink | 2 Dir-619, Dir-619 Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formdumpeasysetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the config.save_network_enabled parameter. | |||||
CVE-2021-46441 | 1 Dlink | 2 Dir-825, Dir-825 Firmware | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
In the "webupg" binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use "cmd" parameters to execute arbitrary system commands after obtaining authorization. | |||||
CVE-2021-31326 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-02-04 | 9.0 HIGH | 9.8 CRITICAL |
D-Link DIR-816 A2 1.10 B05 allows unauthenticated attackers to arbitrarily reset the device via a crafted tokenid parameter to /goform/form2Reboot.cgi. | |||||
CVE-2022-29326 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addhostfilter parameter in /goform/websHostFilter. | |||||
CVE-2022-30521 | 1 Dlink | 2 Dir-890l, Dir-890l Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
The LAN-side Web-Configuration Interface has Stack-based Buffer Overflow vulnerability in the D-Link Wi-Fi router firmware DIR-890L DIR890LA1_FW107b09.bin and previous versions. The function created at 0x17958 of /htdocs/cgibin will call sprintf without checking the length of strings in parameters given by HTTP header and can be controlled by users easily. The attackers can exploit the vulnerability to carry out arbitrary code by means of sending a specially constructed payload to port 49152. | |||||
CVE-2021-46442 | 1 Dlink | 2 Dir-825, Dir-825 Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
In the "webupg" binary of D-Link DIR-825 G1, attackers can bypass authentication through parameters "autoupgrade.asp", and perform functions such as downloading configuration files and updating firmware without authorization. | |||||
CVE-2021-46315 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetWizardConfig.php in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicoius users can use this vulnerability to use "\ " or backticks in the shell metacharacters in the ssid0 or ssid1 parameters to cause arbitrary command execution. Since CVE-2019-17510 vulnerability has not been patched and improved www/hnap1/control/setwizardconfig.php, can also use line breaks and backquotes to bypass. | |||||
CVE-2022-29329 | 1 Dlink | 2 Dap-1330, Dap-1330 Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a heap overflow via the devicename parameter in /goform/setDeviceSettings. | |||||
CVE-2022-29328 | 1 Dlink | 2 Dap-1330, Dap-1330 Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a stack overflow via the function checkvalidupgrade. | |||||
CVE-2022-29323 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the MAC parameter in /goform/editassignment. | |||||
CVE-2021-46319 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
Remote Code Execution (RCE) vulnerability exists in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicious users can use this vulnerability to use "\ " or backticks to bypass the shell metacharacters in the ssid0 or ssid1 parameters to execute arbitrary commands.This vulnerability is due to the fact that CVE-2019-17509 is not fully patched and can be bypassed by using line breaks or backticks on its basis. | |||||
CVE-2021-46379 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted site. | |||||
CVE-2022-27293 | 1 Dlink | 2 Dir-619, Dir-619 Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formWlanSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter. |