Filtered by vendor Dlink
Subscribe
Total
1477 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-44808 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2025-04-25 | N/A | 9.8 CRITICAL |
| A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /HNAP1 requests. Before the HNAP API function can process the request, the system function executes an untrusted command that triggers the vulnerability. | |||||
| CVE-2025-29043 | 1 Dlink | 2 Dir-823x, Dir-823x Firmware | 2025-04-25 | N/A | 9.8 CRITICAL |
| An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x417234 | |||||
| CVE-2025-29042 | 1 Dlink | 2 Dir-823x, Dir-823x Firmware | 2025-04-25 | N/A | 9.8 CRITICAL |
| An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the macaddr key value to the function 0x42232c | |||||
| CVE-2025-29039 | 1 Dlink | 2 Dir-823x, Dir-823x Firmware | 2025-04-25 | N/A | 7.2 HIGH |
| An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x41dda8 | |||||
| CVE-2022-44930 | 1 Dlink | 2 Dhp-w310av, Dhp-w310av Firmware | 2025-04-24 | N/A | 9.8 CRITICAL |
| D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function. | |||||
| CVE-2022-44832 | 1 Dlink | 2 Dir-3040, Dir-3040 Firmware | 2025-04-22 | N/A | 9.8 CRITICAL |
| D-Link DIR-3040 device with firmware 120B03 was discovered to contain a command injection vulnerability via the SetTriggerLEDBlink function. | |||||
| CVE-2024-27655 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2025-04-21 | N/A | 8.8 HIGH |
| D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the SOAPACTION parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution. | |||||
| CVE-2024-27656 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2025-04-21 | N/A | 8.8 HIGH |
| D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Cookie parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution. | |||||
| CVE-2024-27657 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2025-04-21 | N/A | 8.8 HIGH |
| D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the User-Agent parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution. | |||||
| CVE-2024-27658 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2025-04-21 | N/A | 6.5 MEDIUM |
| D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2017-12943 | 2 D-link, Dlink | 2 Dir-600 B1 Firmware, Dir-600 B1 | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password. | |||||
| CVE-2016-10185 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on the D-Link DWR-932B router. A secure_mode=no line exists in /var/miniupnpd.conf. | |||||
| CVE-2016-10177 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on the D-Link DWR-932B router. Undocumented TELNET and SSH services provide logins to admin with the password admin and root with the password 1234. | |||||
| CVE-2017-6205 | 1 Dlink | 7 Websmart Dgs-1510-20, Websmart Dgs-1510-28, Websmart Dgs-1510-28p and 4 more | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Command Bypass attacks via unspecified vectors. | |||||
| CVE-2017-14419 | 2 D-link, Dlink | 2 Dir-850l Firmware, Dir-850l | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, participates in mydlink Cloud Services by establishing a TCP relay service for HTTP, even though a TCP relay service for HTTPS is also established. | |||||
| CVE-2017-14418 | 2 D-link, Dlink | 2 Dir-850l Firmware, Dir-850l | 2025-04-20 | 4.3 MEDIUM | 8.1 HIGH |
| The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices, sends the cleartext admin password over the Internet as part of interaction with mydlink Cloud Services. | |||||
| CVE-2017-6411 | 1 Dlink | 2 Dsl-2730u, Dsl-2730u Firmware | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 devices allows remote attackers to change the DNS or firewall configuration or any password. | |||||
| CVE-2017-16765 | 1 Dlink | 2 Dwr-933, Dwr-933 Firmware | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists on D-Link DWR-933 1.00(WW)B17 devices via cgi-bin/gui.cgi. | |||||
| CVE-2017-11436 | 1 Dlink | 1 Dir-615 | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 BACKDOOR value, which might allow remote attackers to obtain access via a TELNET connection. | |||||
| CVE-2014-7858 | 2 D-link, Dlink | 2 Dnr-326 Firmware, Dnr-326 | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| The check_login function in D-Link DNR-326 before 2.10 build 03 allows remote attackers to bypass authentication and log in by setting the username cookie parameter to an arbitrary string. | |||||