Vulnerabilities (CVE)

Filtered by vendor Dlink
Total 787 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-24579 1 Dlink 2 Dsl2888a, Dsl2888a Firmware 2024-02-04 5.8 MEDIUM 8.8 HIGH
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality.
CVE-2020-24581 1 Dlink 2 Dsl2888a, Dsl2888a Firmware 2024-02-04 7.7 HIGH 8.0 HIGH
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It contains an execute_cmd.cgi feature (that is not reachable via the web user interface) that lets an authenticated user execute Operating System commands.
CVE-2020-27865 1 Dlink 2 Dap-1860, Dap-1860 Firmware 2024-02-04 8.3 HIGH 8.8 HIGH
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uhttpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the device. Was ZDI-CAN-10894.
CVE-2021-28144 1 Dlink 2 Dir-3060, Dir-3060 Firmware 2024-02-04 9.0 HIGH 8.8 HIGH
prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows remote authenticated users to inject arbitrary commands in an admin or root context because SetVirtualServerSettings calls CheckArpTables, which calls popen unsafely.
CVE-2020-8864 1 Dlink 6 Dir-867, Dir-867 Firmware, Dir-878 and 3 more 2024-02-04 8.3 HIGH 8.8 HIGH
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper handling of empty passwords. An attacker can leverage this vulnerability to execute arbitrary code on the router. Was ZDI-CAN-9471.
CVE-2020-13136 1 Dlink 2 Dsp-w215, Dsp-w215 Firmware 2024-02-04 5.0 MEDIUM 7.5 HIGH
D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be retrieved and understood by a network sniffer.
CVE-2019-17525 1 Dlink 2 Dir-615, Dir-615 Firmware 2024-02-04 4.0 MEDIUM 8.8 HIGH
The login page on D-Link DIR-615 T1 20.10 devices allows remote attackers to bypass the CAPTCHA protection mechanism and conduct brute-force attacks.
CVE-2020-8863 1 Dlink 6 Dir-867, Dir-867 Firmware, Dir-878 and 3 more 2024-02-04 8.3 HIGH 8.8 HIGH
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper implementation of the authentication algorithm. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the router. Was ZDI-CAN-9470.
CVE-2020-9275 1 Dlink 2 Dsl-2640b, Dsl-2640b Firmware 2024-02-04 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A cfm UDP service listening on port 65002 allows remote, unauthenticated exfiltration of administrative credentials.
CVE-2020-13785 1 Dlink 2 Dir-865l, Dir-865l Firmware 2024-02-04 5.0 MEDIUM 7.5 HIGH
D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength.
CVE-2020-13786 1 Dlink 2 Dir-865l, Dir-865l Firmware 2024-02-04 6.8 MEDIUM 8.8 HIGH
D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF.
CVE-2020-15633 2 D-link, Dlink 6 Dir-867 Firmware, Dir-878 Firmware, Dir-882 Firmware and 3 more 2024-02-04 5.8 MEDIUM 8.8 HIGH
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.20B10_BETA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP requests. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the router. Was ZDI-CAN-10835.
CVE-2020-15894 2 D-link, Dlink 2 Dir-816l Firmware, Dir-816l 2024-02-04 5.0 MEDIUM 7.5 HIGH
An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive information, such as admin login credentials, by setting the value of _POST_SERVICES in the query string to DEVICE.ACCOUNT.
CVE-2020-13787 1 Dlink 2 Dir-865l, Dir-865l Firmware 2024-02-04 5.0 MEDIUM 7.5 HIGH
D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information.
CVE-2020-13782 1 Dlink 2 Dir-865l, Dir-865l Firmware 2024-02-04 6.5 MEDIUM 8.8 HIGH
D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection.
CVE-2020-15893 2 D-link, Dlink 2 Dir-816l Firmware, Dir-816l 2024-02-04 7.5 HIGH 9.8 CRITICAL
An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet.
CVE-2018-20432 1 Dlink 4 Covr-2600r, Covr-2600r Firmware, Covr-3902 and 1 more 2024-02-04 10.0 HIGH 9.8 CRITICAL
D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract sensitive data or modify the configuration.
CVE-2019-18666 1 Dlink 2 Dap-1360 Revision F, Dap-1360 Revision F Firmware 2024-02-04 10.0 HIGH 9.8 CRITICAL
An issue was discovered on D-Link DAP-1360 revision F devices. Remote attackers can start a telnet service without authorization via an undocumented HTTP request. Although this is the primary vulnerability, the impact depends on the firmware version. Versions 609EU through 613EUbeta were tested. Versions through 6.12b01 have weak root credentials, allowing an attacker to gain remote root access. After 6.12b01, the root credentials were changed but the telnet service can still be started without authorization.
CVE-2020-9277 1 Dlink 2 Dsl-2640b, Dsl-2640b Firmware 2024-02-04 7.5 HIGH 9.8 CRITICAL
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. Authentication can be bypassed when accessing cgi modules. This allows one to perform administrative tasks (e.g., modify the admin password) with no authentication.
CVE-2020-13784 1 Dlink 2 Dir-865l, Dir-865l Firmware 2024-02-04 5.0 MEDIUM 7.5 HIGH
D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator.