Filtered by vendor Dlink
Subscribe
Total
787 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-19743 | 1 Dlink | 2 Dir-615 T1, Dir-615 T1 Firmware | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| On D-Link DIR-615 devices, a normal user is able to create a root(admin) user from the D-Link portal. | |||||
| CVE-2019-19598 | 1 Dlink | 2 Dap-1860, Dap-1860 Firmware | 2024-02-04 | 8.3 HIGH | 8.8 HIGH |
| D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAP_AUTH header timestamp value. In HTTP requests, part of the HNAP_AUTH header is the timestamp used to determine the time when the user sent the request. If this value is equal to the value stored in the device's /var/hnap/timestamp file, the request will pass the HNAP_AUTH check function. | |||||
| CVE-2020-8862 | 1 Dlink | 2 Dap-2610, Dap-2610 Firmware | 2024-02-04 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2610 Firmware v2.01RC067 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. The issue results from the lack of proper password checking. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-10082. | |||||
| CVE-2019-17508 | 1 Dlink | 4 Dir-850l A, Dir-850l A Firmware, Dir-859 A3 and 1 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable. | |||||
| CVE-2019-17511 | 1 Dlink | 2 Dir-412, Dir-412 Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers. An attacker can get the router's log file via log_get.php, which could be used to discover the intranet network structure. | |||||
| CVE-2019-20213 | 1 Dlink | 28 Dir-818lx, Dir-818lx Firmware, Dir-822 and 25 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php. | |||||
| CVE-2013-1601 | 1 Dlink | 34 Dcs-1100, Dcs-1100 Firmware, Dcs-1100l and 31 more | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| An Information Disclosure vulnerability exists due to a failure to restrict access on the lums.cgi script when processing a live video stream in D-LINK An Information Disclosure vulnerability exists due to a failure to restrict access on the lums.cgi script when processing a live video stream in D-LINK WCS-1100 1.02, TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-7510 1.00, DCS-7410 1.00, DCS-6410 1.00, DCS-5635 1.01, DCS-5605 1.01, DCS-5230L 1.02, DCS-5230 1.02, DCS-3430 1.02, DCS-3411 1.02, DCS-3410 1.02, DCS-2121 1.06_FR, DCS-2121 1.06, DCS-2121 1.05_RU, DCS-2102 1.06_FR, DCS-2102 1.06, DCS-2102 1.05_RU, DCS-1130L 1.04, DCS-1130 1.04_US, DCS-1130 1.03, DCS-1100L 1.04, DCS-1100 1.04_US, and DCS-1100 1.03, which could let a malicious user obtain sensitive information. which could let a malicious user obtain sensitive information. | |||||
| CVE-2019-17510 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetWizardConfig with shell metacharacters to /squashfs-root/www/HNAP1/control/SetWizardConfig.php. | |||||
| CVE-2013-4857 | 1 Dlink | 2 Dir-865l, Dir-865l Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link DIR-865L has PHP File Inclusion in the router xml file. | |||||
| CVE-2019-17512 | 1 Dlink | 2 Dir-412, Dir-412 Firmware | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers. An attacker can clear the router's log file via act=clear&logtype=sysact to log_clear.php, which could be used to erase attack traces. | |||||
| CVE-2019-17509 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetMasterWLanSettings with shell metacharacters to /squashfs-root/www/HNAP1/control/SetMasterWLanSettings.php. | |||||
| CVE-2013-7055 | 1 Dlink | 2 Dir-100, Dir-100 Firmware | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| D-Link DIR-100 4.03B07 has PPTP and poe information disclosure | |||||
| CVE-2019-20499 | 1 Dlink | 2 Dwl-2600ap, Dwl-2600ap Firmware | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_restore configRestore or configServerip parameter. | |||||
| CVE-2019-17506 | 1 Dlink | 4 Dir-817lw A1, Dir-817lw A1 Firmware, Dir-868l B1 and 1 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the router's username and password (and other information) via a DEVICE.ACCOUNT value for SERVICES in conjunction with AUTHORIZED_GROUP=1%0a to getcfg.php. This could be used to control the router remotely. | |||||
| CVE-2013-4855 | 1 Dlink | 2 Dir-865l, Dir-865l Firmware | 2024-02-04 | 7.9 HIGH | 8.8 HIGH |
| D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share. | |||||
| CVE-2013-1603 | 1 Dlink | 34 Dcs-1100, Dcs-1100 Firmware, Dcs-1100l and 31 more | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| An Authentication vulnerability exists in D-LINK WCS-1100 1.02, TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-7510 1.00, DCS-7410 1.00, DCS-6410 1.00, DCS-5635 1.01, DCS-5605 1.01, DCS-5230L 1.02, DCS-5230 1.02, DCS-3430 1.02, DCS-3411 1.02, DCS-3410 1.02, DCS-2121 1.06_FR, DCS-2121 1.06, DCS-2121 1.05_RU, DCS-2102 1.06_FR, DCS-2102 1.06, DCS-2102 1.05_RU, DCS-1130L 1.04, DCS-1130 1.04_US, DCS-1130 1.03, DCS-1100L 1.04, DCS-1100 1.04_US, and DCS-1100 1.03 due to hard-coded credentials that serve as a backdoor, which allows remote attackers to access the RTSP video stream. | |||||
| CVE-2020-8962 | 1 Dlink | 2 Dir-842, Dir-842 Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| A stack-based buffer overflow was found on the D-Link DIR-842 REVC with firmware v3.13B09 HOTFIX due to the use of strcpy for LOGINPASSWORD when handling a POST request to the /MTFWU endpoint. | |||||
| CVE-2013-5945 | 1 Dlink | 16 Dsr-1000, Dsr-1000 Firmware, Dsr-1000n and 13 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua. | |||||
| CVE-2018-7859 | 1 Dlink | 16 Dgs-1510-20, Dgs-1510-20 Firmware, Dgs-1510-28 and 13 more | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A security vulnerability in D-Link DGS-1510-series switches with firmware 1.20.011, 1.30.007, 1.31.B003 and older that may allow a remote attacker to inject malicious scripts in the device and execute commands via browser that is configuring the unit. | |||||
| CVE-2019-17505 | 1 Dlink | 2 Dap-1320 A2, Dap-1320 A2 Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| D-Link DAP-1320 A2-V1.21 routers have some web interfaces without authentication requirements, as demonstrated by uplink_info.xml. An attacker can remotely obtain a user's Wi-Fi SSID and password, which could be used to connect to Wi-Fi or perform a dictionary attack. | |||||