Vulnerabilities (CVE)

Filtered by vendor D-link Subscribe
Total 158 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-14428 2 D-link, Dlink 2 Dir-850l Firmware, Dir-850l 2025-04-20 2.1 LOW 7.8 HIGH
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/hostapd* permissions.
CVE-2017-5633 2 D-link, Dlink 2 Di-524 Firmware, Di-524 2025-04-20 8.5 HIGH 8.0 HIGH
Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Link DI-524 Wireless Router with firmware 9.01 allow remote attackers to (1) change the admin password, (2) reboot the device, or (3) possibly have unspecified other impact via crafted requests to CGI programs.
CVE-2017-14416 2 D-link, Dlink 2 Dir-850l Firmware, Dir-850l 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wandetect.php.
CVE-2017-14420 2 D-link, Dlink 2 Dir-850l Firmware, Dir-850l 2025-04-20 4.3 MEDIUM 5.9 MEDIUM
The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7857 2 D-link, Dlink 14 Dnr-326 Firmware, Dns-320b Firmware, Dns-320l Firmware and 11 more 2025-04-20 10.0 HIGH 9.8 CRITICAL
D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01, DNS-345 1.03b06, DNS-325 1.05b03, and DNS-322L 2.00b07 allow remote attackers to bypass authentication and log in with administrator permissions by passing the cgi_set_wto command in the cmd parameter, and setting the spawned session's cookie to username=admin.
CVE-2016-10405 2 D-link, Dlink 2 Dir-600l Firmware, Dir-600l 2025-04-20 7.5 HIGH 9.8 CRITICAL
Session fixation vulnerability in D-Link DIR-600L routers (rev. Ax) with firmware before FW1.17.B01 allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2016-1559 2 D-link, Dlink 6 Dap-1353 H\/w B1 Firmware, Dap-2553 H\/w A1 Firmware, Dap-3520 H\/w A1 Firmware and 3 more 2025-04-20 2.6 LOW 8.1 HIGH
D-Link DAP-1353 H/W vers. B1 3.15 and earlier, D-Link DAP-2553 H/W ver. A1 1.31 and earlier, and D-Link DAP-3520 H/W ver. A1 1.16 and earlier reveal wireless passwords and administrative usernames and passwords over SNMP.
CVE-2017-14426 2 D-link, Dlink 2 Dir-850l Firmware, Dir-850l 2025-04-20 2.1 LOW 7.8 HIGH
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0644 /var/etc/shadow (aka the /etc/shadow symlink target) permissions.
CVE-2017-9542 2 D-link, Dlink 2 Dir-615 Firmware, Dir-615 2025-04-20 10.0 HIGH 9.8 CRITICAL
D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. This issue occurs because it fails to validate the password field. Successful exploitation of this issue allows an attacker to take control of the affected device.
CVE-2017-14423 2 D-link, Dlink 2 Dir-850l Firmware, Dir-850l 2025-04-20 5.0 MEDIUM 7.5 HIGH
htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices does not prevent unauthenticated nonce-guessing attacks, which makes it easier for remote attackers to change the DNS configuration via a series of requests.
CVE-2017-3192 2 D-link, Dlink 4 Dir-130 Firmware, Dir-330 Firmware, Dir-130 and 1 more 2025-04-20 5.0 MEDIUM 9.8 CRITICAL
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page (potentially through a authentication bypass such as CVE-2017-3191) may obtain administrator credentials for the device.
CVE-2017-3191 2 D-link, Dlink 4 Dir-130 Firmware, Dir-330 Firmware, Dir-130 and 1 more 2025-04-20 5.0 MEDIUM 9.8 CRITICAL
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that can access the remote management login page can manipulate the POST request in such a manner as to access some administrator-only pages such as tools_admin.asp without credentials.
CVE-2017-14421 2 D-link, Dlink 2 Dir-850l Firmware, Dir-850l 2025-04-20 10.0 HIGH 9.8 CRITICAL
D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices have a hardcoded password of wrgac25_dlink.2013gui_dir850l for the Alphanetworks account upon device reset, which allows remote attackers to obtain root access via a TELNET session.
CVE-2017-17065 1 D-link 2 Dir-605l Model B, Dir-605l Model B Firmware 2025-04-20 7.8 HIGH 7.5 HIGH
An issue was discovered on D-Link DIR-605L Model B before FW2.11betaB06_hbrf devices, related to the code that handles the authentication values for HNAP. An attacker can cause a denial of service (device crash) or possibly have unspecified other impact by sending a sufficiently long string in the password field of the HTTP Basic Authentication section of the HTTP request.
CVE-2017-14425 2 D-link, Dlink 2 Dir-850l Firmware, Dir-850l 2025-04-20 2.1 LOW 7.8 HIGH
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/etc/hnapasswd permissions.
CVE-2015-1187 3 D-link, Dlink, Trendnet 30 Dir-626l Firmware, Dir-636l Firmware, Dir-651 Firmware and 27 more 2025-04-20 10.0 HIGH 9.8 CRITICAL
The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp.
CVE-2015-7246 2 D-link, Dlink 2 Dvg-n5402sp Firmware, Dvg-n5402sp 2025-04-20 10.0 HIGH 9.8 CRITICAL
D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access.
CVE-2017-5874 2 D-link, Dlink 2 Dir-600m Firmware, Dir-600m 2025-04-20 6.8 MEDIUM 8.8 HIGH
CSRF exists on D-Link DIR-600M Rev. Cx devices before v3.05ENB01_beta_20170306. This can be used to bypass authentication and insert XSS sequences or possibly have unspecified other impact.
CVE-2017-14422 2 D-link, Dlink 2 Dir-850l Firmware, Dir-850l 2025-04-20 5.0 MEDIUM 7.5 HIGH
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices use the same hardcoded /etc/stunnel.key private key across different customers' installations, which allows remote attackers to defeat the HTTPS cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
CVE-2017-10676 2 D-link, Dlink 2 Dir-600m Firmware, Dir-600m 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
On D-Link DIR-600M devices before C1_v3.05ENB01_beta_20170306, XSS was found in the form2userconfig.cgi username parameter.