Filtered by vendor Dlink
Subscribe
Total
719 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-28896 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. | |||||
CVE-2022-29325 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addurlfilter parameter in /goform/websURLFilter. | |||||
CVE-2022-28573 | 1 Dlink | 2 Dir-823 Pro, Dir-823 Pro Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNTPserverSeting. This vulnerability allows attackers to execute arbitrary commands via the system_time_timezone parameter. | |||||
CVE-2021-46108 | 1 Dlink | 2 Dsl-2730e, Dsl-2730e Firmware | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
D-Link DSL-2730E CT-20131125 devices allow XSS via the username parameter to the password page in the maintenance configuration. | |||||
CVE-2021-43474 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
An Access Control vulnerability exists in D-Link DIR-823G REVA1 1.02B05 (Lastest) via any parameter in the HNAP1 function | |||||
CVE-2018-18907 | 1 Dlink | 2 Dir-850l, Dir-850l Firmare | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered on D-Link DIR-850L 1.21WW devices. A partially completed WPA handshake is sufficient for obtaining full access to the wireless network. A client can access the network by sending packets on Data Frames to the AP without encryption. | |||||
CVE-2022-29332 | 1 Dlink | 2 Dir-825, Dir-825 Firmware | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
D-LINK DIR-825 AC1200 R2 is vulnerable to Directory Traversal. An attacker could use the "../../../../" setting of the FTP server folder to set the router's root folder for FTP access. This allows you to access the entire router file system via the FTP server. | |||||
CVE-2022-29322 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the IPADDR and nvmacaddr parameters in /goform/form2Dhcpip. | |||||
CVE-2022-26670 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2024-02-04 | 8.3 HIGH | 8.8 HIGH |
D-Link DIR-878 has inadequate filtering for special characters in the webpage input field. An unauthenticated LAN attacker can perform command injection attack to execute arbitrary system commands to control the system or disrupt service. | |||||
CVE-2022-27295 | 1 Dlink | 2 Dir-619, Dir-619 Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formAdvanceSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter. | |||||
CVE-2022-27286 | 1 Dlink | 2 Dir-619 Ax, Dir-619 Ax Firmware | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanNonLogin. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter. | |||||
CVE-2022-27287 | 1 Dlink | 2 Dir-619 Ax, Dir-619 Ax Firmware | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanPPPoE. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter. | |||||
CVE-2022-27288 | 1 Dlink | 2 Dir-619, Dir-619 Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanPPTP. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter. | |||||
CVE-2022-32092 | 1 Dlink | 2 Dir-645, Dir-645 Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_explorer.sgi. | |||||
CVE-2021-46378 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download. | |||||
CVE-2022-28955 | 1 Dlink | 2 Dir-816l, Dir-816l Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php and category_view.php. | |||||
CVE-2021-20132 | 1 Dlink | 2 Dir-2640-us, Dir-2640-us Firmware | 2024-02-04 | 8.3 HIGH | 8.8 HIGH |
Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 use default hard-coded credentials, which can allow a remote attacker to gain administrative access to the zebra or ripd those services. Both are running with root privileges on the router (i.e., as the "admin" user, UID 0). | |||||
CVE-2021-34860 | 1 Dlink | 2 Dap-2020, Dap-2020 Firmware | 2024-02-04 | 3.3 LOW | 6.5 MEDIUM |
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the getpage parameter provided to the webproc endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-12103. | |||||
CVE-2021-33269 | 1 Dlink | 2 Dir-809, Dir-809 Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_8004776c in /formVirtualServ. This vulnerability is triggered via a crafted POST request. | |||||
CVE-2021-44881 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request. |