Filtered by vendor Dlink
Subscribe
Total
1263 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-1187 | 3 D-link, Dlink, Trendnet | 30 Dir-626l Firmware, Dir-636l Firmware, Dir-651 Firmware and 27 more | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp. | |||||
CVE-2017-6206 | 1 Dlink | 7 Websmart Dgs-1510-20, Websmart Dgs-1510-28, Websmart Dgs-1510-28p and 4 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Information Disclosure attacks via unspecified vectors. | |||||
CVE-2015-7246 | 2 D-link, Dlink | 2 Dvg-n5402sp Firmware, Dvg-n5402sp | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access. | |||||
CVE-2016-1558 | 1 Dlink | 20 Dap-2230, Dap-2230 Firmware, Dap-2310 and 17 more | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
Buffer overflow in D-Link DAP-2310 2.06 and earlier, DAP-2330 1.06 and earlier, DAP-2360 2.06 and earlier, DAP-2553 H/W ver. B1 3.05 and earlier, DAP-2660 1.11 and earlier, DAP-2690 3.15 and earlier, DAP-2695 1.16 and earlier, DAP-3320 1.00 and earlier, and DAP-3662 1.01 and earlier allows remote attackers to have unspecified impact via a crafted 'dlink_uid' cookie. | |||||
CVE-2017-5874 | 2 D-link, Dlink | 2 Dir-600m Firmware, Dir-600m | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
CSRF exists on D-Link DIR-600M Rev. Cx devices before v3.05ENB01_beta_20170306. This can be used to bypass authentication and insert XSS sequences or possibly have unspecified other impact. | |||||
CVE-2017-7405 | 1 Dlink | 1 Dir-615 | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
On the D-Link DIR-615 before v20.12PTb04, once authenticated, this device identifies the user based on the IP address of his machine. By spoofing the IP address belonging to the victim's host, an attacker might be able to take over the administrative session without being prompted for authentication credentials. An attacker can get the victim's and router's IP addresses by simply sniffing the network traffic. Moreover, if the victim has web access enabled on his router and is accessing the web interface from a different network that is behind the NAT/Proxy, an attacker can sniff the network traffic to know the public IP address of the victim's router and take over his session as he won't be prompted for credentials. | |||||
CVE-2017-14422 | 2 D-link, Dlink | 2 Dir-850l Firmware, Dir-850l | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices use the same hardcoded /etc/stunnel.key private key across different customers' installations, which allows remote attackers to defeat the HTTPS cryptographic protection mechanisms by leveraging knowledge of this key from another installation. | |||||
CVE-2017-10676 | 2 D-link, Dlink | 2 Dir-600m Firmware, Dir-600m | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
On D-Link DIR-600M devices before C1_v3.05ENB01_beta_20170306, XSS was found in the form2userconfig.cgi username parameter. | |||||
CVE-2017-14414 | 2 D-link, Dlink | 2 Dir-850l Firmware, Dir-850l | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/shareport.php. | |||||
CVE-2017-3193 | 2 D-link, Dlink | 2 Dir-850l Firmware, Dir-850l | 2025-04-20 | 8.3 HIGH | 8.8 HIGH |
Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service. | |||||
CVE-2016-10178 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on the D-Link DWR-932B router. HELODBG on port 39889 (UDP) launches the "/sbin/telnetd -l /bin/sh" command. | |||||
CVE-2024-57440 | 1 Dlink | 2 Dsl-3788, Dsl-3788 Firmware | 2025-04-15 | N/A | 7.5 HIGH |
D-Link DSL-3788 revA1 1.01R1B036_EU_EN is vulnerable to Buffer Overflow via the COMM_MAKECustomMsg function of the webproc cgi | |||||
CVE-2024-27662 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2025-04-15 | N/A | 6.5 MEDIUM |
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a Null-pointer dereferences in sub_4110f4(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
CVE-2025-28395 | 1 Dlink | 2 Di-8100, Di-8100 Firmware | 2025-04-15 | N/A | 7.1 HIGH |
D-LINK DI-8100 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_road_asp function via the host_ip parameter. | |||||
CVE-2025-28398 | 1 Dlink | 2 Di-8100, Di-8100 Firmware | 2025-04-15 | N/A | 7.1 HIGH |
D-LINK DI-8100 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_net_asp function via the remot_ip parameter. | |||||
CVE-2022-46570 | 1 Dlink | 2 Dir-882 A1, Dir-882 A1 Firmware | 2025-04-15 | N/A | 7.2 HIGH |
D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetWan3Settings module. | |||||
CVE-2022-46569 | 1 Dlink | 2 Dir-882 A1, Dir-882 A1 Firmware | 2025-04-15 | N/A | 7.2 HIGH |
D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Key parameter in the SetWLanRadioSecurity module. | |||||
CVE-2022-46568 | 1 Dlink | 2 Dir-882 A1, Dir-882 A1 Firmware | 2025-04-15 | N/A | 7.2 HIGH |
D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the AccountPassword parameter in the SetSysEmailSettings module. | |||||
CVE-2022-46566 | 1 Dlink | 2 Dir-882 A1, Dir-882 A1 Firmware | 2025-04-15 | N/A | 7.2 HIGH |
D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetQuickVPNSettings module. | |||||
CVE-2022-46563 | 1 Dlink | 2 Dir-882 A1, Dir-882 A1 Firmware | 2025-04-15 | N/A | 7.2 HIGH |
D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetDynamicDNSSettings module. |