Filtered by vendor Dlink
Subscribe
Total
719 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-28840 | 1 Dlink | 18 Dap-2310, Dap-2310 Firmware, Dap-2330 and 15 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695 1.17.RC063, DAP-3320 1.01.RC014 and DAP-3662 1.01.RC022 in the upload_config function of sbin/httpd binary. When the binary handle the specific HTTP GET request, the content in upload_file variable is NULL in the upload_config function then the strncasecmp would take NULL as first argument, and incur the NULL pointer dereference vulnerability. | |||||
| CVE-2021-26810 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| D-link DIR-816 A2 v1.10 is affected by a remote code injection vulnerability. An HTTP request parameter can be used in command string construction in the handler function of the /goform/dir_setWanWifi, which can lead to command injection via shell metacharacters in the statuscheckpppoeuser parameter. | |||||
| CVE-2021-37388 | 1 Dlink | 2 Dir-615, Dir-615 Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow in D-Link DIR-615 C2 3.03WW. The ping_ipaddr parameter in ping_response.cgi POST request allows an attacker to crash the webserver and might even gain remote code execution. | |||||
| CVE-2021-28839 | 1 Dlink | 18 Dap-2310, Dap-2310 Firmware, Dap-2330 and 15 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695 1.17.RC063, DAP-3320 1.01.RC014 and DAP-3662 1.01.RC022 in the upload_certificate function of sbin/httpd binary. When the binary handle the specific HTTP GET request, the strrchr in the upload_certificate function would take NULL as first argument, and incur the NULL pointer dereference vulnerability. | |||||
| CVE-2021-34830 | 1 Dlink | 2 Dap-1330, Dap-1330 Firmware | 2024-02-04 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Cookie HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12028. | |||||
| CVE-2021-30072 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in prog.cgi on D-Link DIR-878 1.30B08 devices. Because strcat is misused, there is a stack-based buffer overflow that does not require authentication. | |||||
| CVE-2021-27249 | 2 D-link, Dlink | 2 Dap-2020 Firmware, Dap-2020 | 2024-02-04 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11369. | |||||
| CVE-2021-3707 | 1 Dlink | 2 Dsl-2750u, Dsl-2750u Firmware | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3708, to execute any OS commands on the vulnerable device. | |||||
| CVE-2021-28838 | 1 Dlink | 18 Dap-2310, Dap-2310 Firmware, Dap-2330 and 15 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Null pointer dereference vulnerability in D-Link DAP-2310 2,10RC039, DAP-2330 1.10RC036 BETA, DAP-2360 2.10RC055, DAP-2553 3.10rc039 BETA, DAP-2660 1.15rc131b, DAP-2690 3.20RC115 BETA, DAP-2695 1.20RC093, DAP-3320 1.05RC027 BETA and DAP-3662 1.05rc069 in the sbin/httpd binary. The crash happens at the `atoi' operation when a specific network package are sent to the httpd binary. | |||||
| CVE-2021-20696 | 1 Dlink | 2 Dap-1880ac, Dap-1880ac Firmware | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to execute arbitrary OS commands by sending a specially crafted request to a specific CGI program. | |||||
| CVE-2021-39510 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in D-Link DIR816_A1_FW101CNB04 750m11ac wireless router, The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. This can lead to command injection through shell metacharacters. | |||||
| CVE-2020-29322 | 1 Dlink | 2 Dir-880l, Dir-880l Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The D-Link router DIR-880L 1.07 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. | |||||
| CVE-2021-34829 | 1 Dlink | 2 Dap-1330, Dap-1330 Firmware | 2024-02-04 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the HNAP_AUTH HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12065. | |||||
| CVE-2021-33346 | 1 Dlink | 2 Dsl-2888a, Dsl-2888a Firmware | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| There is an arbitrary password modification vulnerability in a D-LINK DSL-2888A router product. An attacker can use this vulnerability to modify the password of the admin user without authorization. | |||||
| CVE-2021-34828 | 1 Dlink | 2 Dap-1330, Dap-1330 Firmware | 2024-02-04 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12066. | |||||
| CVE-2021-20694 | 1 Dlink | 2 Dap-1880ac, Dap-1880ac Firmware | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| Improper access control vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to bypass access restriction and to start a telnet service via unspecified vectors. | |||||
| CVE-2021-34827 | 1 Dlink | 2 Dap-1330, Dap-1330 Firmware | 2024-02-04 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12029. | |||||
| CVE-2021-20697 | 1 Dlink | 2 Dap-1880ac, Dap-1880ac Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Missing authentication for critical function in DAP-1880AC firmware version 1.21 and earlier allows a remote attacker to login to the device as an authenticated user without the access privilege via unspecified vectors. | |||||
| CVE-2020-29321 | 1 Dlink | 2 Dir-868l, Dir-868l Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The D-Link router DIR-868L 3.01 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. | |||||
| CVE-2021-39614 | 1 Dlink | 2 Dvx-2000ms, Dvx-2000ms Firmware | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| D-Link DVX-2000MS contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values. | |||||