Filtered by vendor Dlink
Subscribe
Total
719 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-6529 | 2 D-link, Dlink | 6 Dir-860l Firmware, Dir-860l, Dir-865l and 3 more | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi. | |||||
CVE-2018-10110 | 2 D-link, Dlink | 2 Dir-615 T1 Firmware, Dir-615 T1 | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
D-Link DIR-615 T1 devices allow XSS via the Add User feature. | |||||
CVE-2018-6210 | 1 Dlink | 2 Dir-620, Dir-620 Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DIR-620 devices, with a certain Rostelekom variant of firmware 1.0.37, have a hardcoded rostel account, which makes it easier for remote attackers to obtain access via a TELNET session. | |||||
CVE-2015-0150 | 1 Dlink | 2 Dir-815, Dir-815 Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
The remote administration UI in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to bypass intended access restrictions via unspecified vectors. | |||||
CVE-2018-6211 | 2 D-link, Dlink | 2 Dir-620 Firmware, Dir-620 | 2024-02-04 | 9.0 HIGH | 7.2 HIGH |
On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the res_buf parameter to index.cgi. | |||||
CVE-2018-10750 | 2 D-link, Dlink | 2 Dsl-3782 Firmware, Dsl-3782 | 2024-02-04 | 9.3 HIGH | 8.8 HIGH |
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'staticGet' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'staticGet <node_name attr>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. | |||||
CVE-2018-10747 | 2 D-link, Dlink | 2 Dsl-3782 Firmware, Dsl-3782 | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as an 'unset' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'unset <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. | |||||
CVE-2018-9032 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
An authentication bypass vulnerability on D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router (Hardware Version : A1, B1; Firmware Version : 1.02-2.06) devices potentially allows attackers to bypass SharePort Web Access Portal by directly visiting /category_view.php or /folder_view.php. | |||||
CVE-2015-0152 | 1 Dlink | 2 Dir-815, Dir-815 Firmware | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the administrative password. | |||||
CVE-2018-8941 | 2 D-link, Dlink | 2 Dsl-3782 Firmware, Dsl-3782 | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
Diagnostics functionality on D-Link DSL-3782 devices with firmware EU v. 1.01 has a buffer overflow, allowing authenticated remote attackers to execute arbitrary code via a long Addr value to the 'set Diagnostics_Entry' function in an HTTP request, related to /userfs/bin/tcapi. | |||||
CVE-2018-10713 | 2 D-link, Dlink | 2 Dsl-3782 Firmware, Dsl-3782 | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'read' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'read <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. | |||||
CVE-2018-10107 | 1 Dlink | 2 Dir-815, Dir-815 Firmware | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the RESULT parameter to /htdocs/webinc/js/info.php. | |||||
CVE-2014-8888 | 1 Dlink | 2 Dir-815, Dir-815 Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
The remote administration interface in D-Link DIR-815 devices with firmware before 2.03.B02 allows remote attackers to execute arbitrary commands via vectors related to an "HTTP command injection issue." | |||||
CVE-2018-10108 | 1 Dlink | 2 Dir-815, Dir-815 Firmware | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the Treturn parameter to /htdocs/webinc/js/bsc_sms_inbox.php. | |||||
CVE-2018-8898 | 1 Dlink | 2 Dsl-3782, Dsl-3782 Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
A flaw in the authentication mechanism in the Login Panel of router D-Link DSL-3782 (A1_WI_20170303 || SWVer="V100R001B012" FWVer="3.10.0.24" FirmVer="TT_77616E6771696F6E67") allows unauthenticated attackers to perform arbitrary modification (read, write) to passwords and configurations meanwhile an administrator is logged into the web panel. | |||||
CVE-2017-17020 | 1 Dlink | 6 Dcs-5009, Dcs-5009 Firmware, Dcs-5010 and 3 more | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
On D-Link DCS-5009 devices with firmware 1.08.11 and earlier, DCS-5010 devices with firmware 1.14.09 and earlier, and DCS-5020L devices with firmware before 1.15.01, command injection in alphapd (binary responsible for running the camera's web server) allows remote authenticated attackers to execute code through sanitized /setSystemAdmin user input in the AdminID field being passed directly to a call to system. | |||||
CVE-2018-9284 | 2 D-link, Dlink | 2 Singapore Starhub Firmware, Dir-868l | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
authentication.cgi on D-Link DIR-868L devices with Singapore StarHub firmware before v1.21SHCb03 allows remote attackers to execute arbitrary code. | |||||
CVE-2018-6527 | 2 D-link, Dlink | 6 Dir-860l Firmware, Dir-860l, Dir-865l and 3 more | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi. | |||||
CVE-2015-0153 | 1 Dlink | 2 Dir-815, Dir-815 Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the wireless key. | |||||
CVE-2018-10749 | 2 D-link, Dlink | 2 Dsl-3782 Firmware, Dsl-3782 | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'commit' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'commit <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. |