Filtered by vendor Dlink
Subscribe
Total
787 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-3136 | 1 Dlink | 2 Dwr-113, Dwr-113 Firmware | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in D-Link DWR-113 (Rev. Ax) with firmware before 2.03b02 allows remote attackers to hijack the authentication of administrators for requests that change the admin password via unspecified vectors. | |||||
| CVE-2019-16327 | 1 Dlink | 2 Dir-601, Dir-601 Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link DIR-601 B1 2.00NA devices are vulnerable to authentication bypass. They do not check for authentication at the server side and rely on client-side validation, which is bypassable. NOTE: this is an end-of-life product. | |||||
| CVE-2019-16326 | 1 Dlink | 2 Dir-601, Dir-601 Firmware | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| D-Link DIR-601 B1 2.00NA devices have CSRF because no anti-CSRF token is implemented. A remote attacker could exploit this in conjunction with CVE-2019-16327 to enable remote router management and device compromise. NOTE: this is an end-of-life product. | |||||
| CVE-2017-14948 | 1 Dlink | 12 Dir-868l, Dir-868l Firmware, Dir-880l and 9 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Certain D-Link products are affected by: Buffer Overflow. This affects DIR-880L 1.08B04 and DIR-895 L/R 1.13b03. The impact is: execute arbitrary code (remote). The component is: htdocs/fileaccess.cgi. The attack vector is: A crafted HTTP request handled by fileacces.cgi could allow an attacker to mount a ROP attack: if the HTTP header field CONTENT_TYPE starts with ''boundary=' followed by more than 256 characters, a buffer overflow would be triggered, potentially causing code execution. | |||||
| CVE-2020-10216 | 2 Dlink, Trendnet | 4 Dir-825, Dir-825 Firmware, Tew-632brp and 1 more | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the date parameter in a system_time.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected. | |||||
| CVE-2020-9534 | 1 Dlink | 2 Dir-615jx10, Dir-615jx10 Firmware | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overflow via the formWlanSetup webpage parameter when f_radius_ip1 is malformed. | |||||
| CVE-2013-4856 | 1 Dlink | 2 Dir-865l, Dir-865l Firmware | 2024-02-04 | 2.9 LOW | 6.5 MEDIUM |
| D-Link DIR-865L has Information Disclosure. | |||||
| CVE-2019-20217 | 1 Dlink | 2 Dir-859, Dir-859 Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because SERVER_ID is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters. | |||||
| CVE-2020-10214 | 1 Dlink | 2 Dir-825, Dir-825 Firmware | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is a stack-based buffer overflow in the httpd binary. It allows an authenticated user to execute arbitrary code via a POST to ntp_sync.cgi with a sufficiently long parameter ntp_server. | |||||
| CVE-2019-19225 | 1 Dlink | 2 Dsl-2680, Dsl-2680 Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to change DNS servers without being authenticated on the admin interface by submitting a crafted Forms/dns_1 POST request. | |||||
| CVE-2012-6613 | 1 Dlink | 2 Dsr-250n, Dsr-250n Firmware | 2024-02-04 | 9.0 HIGH | 7.2 HIGH |
| D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root Access because of the admin password for the admin account. | |||||
| CVE-2013-1602 | 1 Dlink | 34 Dcs-1100, Dcs-1100 Firmware, Dcs-1100l and 31 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An Information Disclosure vulnerability exists due to insufficient validation of authentication cookies for the RTSP session in D-Link DCS-5635 1.01, DCS-1100L 1.04, DCS-1130L 1.04, DCS-1100 1.03/1.04_US, DCS-1130 1.03/1.04_US , DCS-2102 1.05_RU/1.06/1.06_FR/1.05_TESCO, DCS-2121 1.05_RU/1.06/1.06_FR/1.05_TESCO, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.0, DCS-7410 1.0, DCS-7510 1.0, and WCS-1100 1.02, which could let a malicious user obtain unauthorized access to video streams. | |||||
| CVE-2019-19224 | 1 Dlink | 2 Dsl-2680, Dsl-2680 Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to download the configuration (binary file) settings by submitting a rom-0 GET request without being authenticated on the admin interface. | |||||
| CVE-2013-7054 | 1 Dlink | 2 Dir-100, Dir-100 Firmware | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| D-Link DIR-100 4.03B07: cli.cgi XSS | |||||
| CVE-2019-17146 | 1 Dlink | 4 Dcs-935l, Dcs-935l Firmware, Dcs-960l and 1 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link DCS-960L v1.07.102. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HNAP service, which listens on TCP port 80 by default. When parsing the SOAPAction request header, the process does not properly validate the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-8458. | |||||
| CVE-2019-19742 | 1 Dlink | 2 Dir-615, Dir-615 Firmware | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
| On D-Link DIR-615 devices, the User Account Configuration page is vulnerable to blind XSS via the name field. | |||||
| CVE-2019-17353 | 1 Dlink | 2 Dir-615, Dir-615 Firmware | 2024-02-04 | 6.4 MEDIUM | 8.2 HIGH |
| An issue discovered on D-Link DIR-615 devices with firmware version 20.05 and 20.07. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page. | |||||
| CVE-2019-19223 | 1 Dlink | 2 Dsl-2680, Dsl-2680 Firmware | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
| A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to reboot the router by submitting a reboot.html GET request without being authenticated on the admin interface. | |||||
| CVE-2019-19222 | 1 Dlink | 2 Dsl-2680, Dsl-2680 Firmware | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| A Stored XSS issue in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an authenticated attacker to inject arbitrary JavaScript code into the info.html administration page by sending a crafted Forms/wireless_autonetwork_1 POST request. | |||||
| CVE-2016-11021 | 1 Dlink | 2 Dcs-930l, Dcs-930l Firmware | 2024-02-04 | 9.0 HIGH | 7.2 HIGH |
| setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in the SystemCommand parameter. | |||||