Filtered by vendor D-link
Subscribe
Total
158 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-14428 | 2 D-link, Dlink | 2 Dir-850l Firmware, Dir-850l | 2025-04-20 | 2.1 LOW | 7.8 HIGH |
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/hostapd* permissions. | |||||
CVE-2017-5633 | 2 D-link, Dlink | 2 Di-524 Firmware, Di-524 | 2025-04-20 | 8.5 HIGH | 8.0 HIGH |
Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Link DI-524 Wireless Router with firmware 9.01 allow remote attackers to (1) change the admin password, (2) reboot the device, or (3) possibly have unspecified other impact via crafted requests to CGI programs. | |||||
CVE-2017-14416 | 2 D-link, Dlink | 2 Dir-850l Firmware, Dir-850l | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wandetect.php. | |||||
CVE-2017-14420 | 2 D-link, Dlink | 2 Dir-850l Firmware, Dir-850l | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2014-7857 | 2 D-link, Dlink | 14 Dnr-326 Firmware, Dns-320b Firmware, Dns-320l Firmware and 11 more | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01, DNS-345 1.03b06, DNS-325 1.05b03, and DNS-322L 2.00b07 allow remote attackers to bypass authentication and log in with administrator permissions by passing the cgi_set_wto command in the cmd parameter, and setting the spawned session's cookie to username=admin. | |||||
CVE-2016-10405 | 2 D-link, Dlink | 2 Dir-600l Firmware, Dir-600l | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Session fixation vulnerability in D-Link DIR-600L routers (rev. Ax) with firmware before FW1.17.B01 allows remote attackers to hijack web sessions via unspecified vectors. | |||||
CVE-2016-1559 | 2 D-link, Dlink | 6 Dap-1353 H\/w B1 Firmware, Dap-2553 H\/w A1 Firmware, Dap-3520 H\/w A1 Firmware and 3 more | 2025-04-20 | 2.6 LOW | 8.1 HIGH |
D-Link DAP-1353 H/W vers. B1 3.15 and earlier, D-Link DAP-2553 H/W ver. A1 1.31 and earlier, and D-Link DAP-3520 H/W ver. A1 1.16 and earlier reveal wireless passwords and administrative usernames and passwords over SNMP. | |||||
CVE-2017-14426 | 2 D-link, Dlink | 2 Dir-850l Firmware, Dir-850l | 2025-04-20 | 2.1 LOW | 7.8 HIGH |
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0644 /var/etc/shadow (aka the /etc/shadow symlink target) permissions. | |||||
CVE-2017-9542 | 2 D-link, Dlink | 2 Dir-615 Firmware, Dir-615 | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. This issue occurs because it fails to validate the password field. Successful exploitation of this issue allows an attacker to take control of the affected device. | |||||
CVE-2017-14423 | 2 D-link, Dlink | 2 Dir-850l Firmware, Dir-850l | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices does not prevent unauthenticated nonce-guessing attacks, which makes it easier for remote attackers to change the DNS configuration via a series of requests. | |||||
CVE-2017-3192 | 2 D-link, Dlink | 4 Dir-130 Firmware, Dir-330 Firmware, Dir-130 and 1 more | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page (potentially through a authentication bypass such as CVE-2017-3191) may obtain administrator credentials for the device. | |||||
CVE-2017-3191 | 2 D-link, Dlink | 4 Dir-130 Firmware, Dir-330 Firmware, Dir-130 and 1 more | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that can access the remote management login page can manipulate the POST request in such a manner as to access some administrator-only pages such as tools_admin.asp without credentials. | |||||
CVE-2017-14421 | 2 D-link, Dlink | 2 Dir-850l Firmware, Dir-850l | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices have a hardcoded password of wrgac25_dlink.2013gui_dir850l for the Alphanetworks account upon device reset, which allows remote attackers to obtain root access via a TELNET session. | |||||
CVE-2017-17065 | 1 D-link | 2 Dir-605l Model B, Dir-605l Model B Firmware | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
An issue was discovered on D-Link DIR-605L Model B before FW2.11betaB06_hbrf devices, related to the code that handles the authentication values for HNAP. An attacker can cause a denial of service (device crash) or possibly have unspecified other impact by sending a sufficiently long string in the password field of the HTTP Basic Authentication section of the HTTP request. | |||||
CVE-2017-14425 | 2 D-link, Dlink | 2 Dir-850l Firmware, Dir-850l | 2025-04-20 | 2.1 LOW | 7.8 HIGH |
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/etc/hnapasswd permissions. | |||||
CVE-2015-1187 | 3 D-link, Dlink, Trendnet | 30 Dir-626l Firmware, Dir-636l Firmware, Dir-651 Firmware and 27 more | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp. | |||||
CVE-2015-7246 | 2 D-link, Dlink | 2 Dvg-n5402sp Firmware, Dvg-n5402sp | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access. | |||||
CVE-2017-5874 | 2 D-link, Dlink | 2 Dir-600m Firmware, Dir-600m | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
CSRF exists on D-Link DIR-600M Rev. Cx devices before v3.05ENB01_beta_20170306. This can be used to bypass authentication and insert XSS sequences or possibly have unspecified other impact. | |||||
CVE-2017-14422 | 2 D-link, Dlink | 2 Dir-850l Firmware, Dir-850l | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices use the same hardcoded /etc/stunnel.key private key across different customers' installations, which allows remote attackers to defeat the HTTPS cryptographic protection mechanisms by leveraging knowledge of this key from another installation. | |||||
CVE-2017-10676 | 2 D-link, Dlink | 2 Dir-600m Firmware, Dir-600m | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
On D-Link DIR-600M devices before C1_v3.05ENB01_beta_20170306, XSS was found in the form2userconfig.cgi username parameter. |