Filtered by vendor Dlink
Subscribe
Total
719 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-14414 | 2 D-link, Dlink | 2 Dir-850l Firmware, Dir-850l | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/shareport.php. | |||||
CVE-2017-3193 | 2 D-link, Dlink | 2 Dir-850l Firmware, Dir-850l | 2024-02-04 | 8.3 HIGH | 8.8 HIGH |
Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service. | |||||
CVE-2016-10185 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered on the D-Link DWR-932B router. A secure_mode=no line exists in /var/miniupnpd.conf. | |||||
CVE-2016-10177 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on the D-Link DWR-932B router. Undocumented TELNET and SSH services provide logins to admin with the password admin and root with the password 1234. | |||||
CVE-2017-6205 | 1 Dlink | 7 Websmart Dgs-1510-20, Websmart Dgs-1510-28, Websmart Dgs-1510-28p and 4 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Command Bypass attacks via unspecified vectors. | |||||
CVE-2017-6411 | 1 Dlink | 2 Dsl-2730u, Dsl-2730u Firmware | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 devices allows remote attackers to change the DNS or firewall configuration or any password. | |||||
CVE-2017-7398 | 2 D-link, Dlink | 2 Dir-615 Firmware, Dir-615 | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. This enables an attacker to perform an unwanted action on a wireless router for which the user/admin is currently authenticated, as demonstrated by changing the Security option from WPA2 to None, or changing the hiddenSSID parameter, SSID parameter, or a security-option password. | |||||
CVE-2016-10181 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered on the D-Link DWR-932B router. qmiweb provides sensitive information for CfgType=get_homeCfg requests. | |||||
CVE-2015-7247 | 2 D-link, Dlink | 2 Dvg-n5402sp Firmware, Dvg-n5402sp | 2024-02-04 | 7.8 HIGH | 9.8 CRITICAL |
D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive information. | |||||
CVE-2015-7245 | 2 D-link, Dlink | 2 Dvg-n5402sp Firmware, Dvg-n5402sp | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage parameter. | |||||
CVE-2016-10186 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered on the D-Link DWR-932B router. /var/miniupnpd.conf has no deny rules. | |||||
CVE-2016-10183 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered on the D-Link DWR-932B router. qmiweb allows directory listing with ../ traversal. | |||||
CVE-2017-6190 | 1 Dlink | 3 Dwr-116, Dwr-116 Firmware, Dwr-116a1 | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. (dot dot) in a "GET /uir/" request. | |||||
CVE-2016-10179 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered on the D-Link DWR-932B router. There is a hardcoded WPS PIN of 28296607. | |||||
CVE-2017-5633 | 2 D-link, Dlink | 2 Di-524 Firmware, Di-524 | 2024-02-04 | 8.5 HIGH | 8.0 HIGH |
Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Link DI-524 Wireless Router with firmware 9.01 allow remote attackers to (1) change the admin password, (2) reboot the device, or (3) possibly have unspecified other impact via crafted requests to CGI programs. | |||||
CVE-2017-9100 | 1 Dlink | 2 Dir-600m, Dir-600m Firmware | 2024-02-04 | 8.3 HIGH | 8.8 HIGH |
login.cgi on D-Link DIR-600M devices with firmware 3.04 allows remote attackers to bypass authentication by entering more than 20 blank spaces in the password field during an admin login attempt. | |||||
CVE-2016-1559 | 2 D-link, Dlink | 6 Dap-1353 H\/w B1 Firmware, Dap-2553 H\/w A1 Firmware, Dap-3520 H\/w A1 Firmware and 3 more | 2024-02-04 | 2.6 LOW | 8.1 HIGH |
D-Link DAP-1353 H/W vers. B1 3.15 and earlier, D-Link DAP-2553 H/W ver. A1 1.31 and earlier, and D-Link DAP-3520 H/W ver. A1 1.16 and earlier reveal wireless passwords and administrative usernames and passwords over SNMP. | |||||
CVE-2016-10182 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on the D-Link DWR-932B router. qmiweb allows command injection with ` characters. | |||||
CVE-2016-10125 | 1 Dlink | 13 Dgs-1100-05, Dgs-1100-05pd, Dgs-1100-08 and 10 more | 2024-02-04 | 6.8 MEDIUM | 8.1 HIGH |
D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded SSL private key, which allows man-in-the-middle attackers to spoof devices by hijacking an HTTPS session. | |||||
CVE-2016-10184 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered on the D-Link DWR-932B router. qmiweb allows file reading with ..%2f traversal. |