Filtered by vendor Dlink
Total: 1263 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2019-10892 | 1 Dlink | 2 Dir-806, Dir-806 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | An issue was discovered in D-Link DIR-806 devices. There is a stack-based buffer overflow in function hnap_main at /htdocs/cgibin. The function calls sprintf without checking the length of strings in parameters supplied by the HTTP header, which can be controlled by users, and this finally leads to a stack-based buffer overflow via a special HTTP header.
CVE-2019-10042 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH | The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/LoadDefaultSettings to reset the router without authentication.
CVE-2019-10041 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/form2userconfig.cgi to edit the system account without authentication.
CVE-2019-10040 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use a hidden API URL /goform/SystemCommand to execute a system command without authentication.
CVE-2019-10039 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/setSysAdm to edit the web or system account without authentication.
CVE-2019-1010155 | 1 Dlink | 2 Dsl-2750u, Dsl-2750u Firmware | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL | ** DISPUTED ** D-Link DSL-2750U 1.11 is affected by: Authentication Bypass. The impact is: denial of service and information leakage. The component is: login. NOTE: Third parties dispute this issue as not being a vulnerability because, although the wizard is accessible without authentication, it can't actually configure anything. Thus, there is no denial of service or information leakage.
CVE-2018-9284 | 2 D-link, Dlink | 2 Singapore Starhub Firmware, Dir-868l | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | authentication.cgi on D-Link DIR-868L devices with Singapore StarHub firmware before v1.21SHCb03 allows remote attackers to execute arbitrary code.
CVE-2018-9032 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An authentication bypass vulnerability on D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router (Hardware Version: A1, B1; Firmware Version: 1.02-2.06) devices potentially allows attackers to bypass the SharePort Web Access Portal by directly visiting /category_view.php or /folder_view.php.
CVE-2018-8941 | 2 D-link, Dlink | 2 Dsl-3782 Firmware, Dsl-3782 | 2024-11-21 | 9.0 HIGH | 8.8 HIGH | Diagnostics functionality on D-Link DSL-3782 devices with firmware EU v. 1.01 has a buffer overflow, allowing authenticated remote attackers to execute arbitrary code via a long Addr value to the 'set Diagnostics_Entry' function in an HTTP request, related to /userfs/bin/tcapi.
CVE-2018-8898 | 1 Dlink | 2 Dsl-3782, Dsl-3782 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | A flaw in the authentication mechanism in the Login Panel of router D-Link DSL-3782 (A1_WI_20170303 \|\| SWVer="V100R001B012" FWVer="3.10.0.24" FirmVer="TT_77616E6771696F6E67") allows unauthenticated attackers to perform arbitrary modification (read, write) of passwords and configurations while an administrator is logged into the web panel.
CVE-2018-7859 | 1 Dlink | 16 Dgs-1510-20, Dgs-1510-20 Firmware, Dgs-1510-28 and 13 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | A security vulnerability in D-Link DGS-1510-series switches with firmware 1.20.011, 1.30.007, 1.31.B003 and older may allow a remote attacker to inject malicious scripts into the device and execute commands via the browser that is configuring the unit.
CVE-2018-6936 | 2 D-link, Dlink | 2 Dir-600m C1 Firmware, Dir-600m C1 | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 3.01 via the SSID or the name of a user account.
CVE-2018-6529 | 2 D-link, Dlink | 6 Dir-860l Firmware, Dir-860l, Dir-865l and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi.
CVE-2018-6528 | 2 D-link, Dlink | 6 Dir-860l Firmware, Dir-860l, Dir-865l and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi.
CVE-2018-6527 | 2 D-link, Dlink | 6 Dir-860l Firmware, Dir-860l, Dir-865l and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi.
CVE-2018-6213 | 2 D-link, Dlink | 2 Dir-620 Firmware, Dir-620 | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | In the web server on D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account.
CVE-2018-6212 | 2 D-link, Dlink | 2 Dir-620 Firmware, Dir-620 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting (XSS) attack is possible as a result of missing filtering of special characters in the "Search" field and incorrect processing of the XMLHttpRequest object.
CVE-2018-6211 | 2 D-link, Dlink | 2 Dir-620 Firmware, Dir-620 | 2024-11-21 | 9.0 HIGH | 7.2 HIGH | On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the res_buf parameter to index.cgi.
CVE-2018-6210 | 1 Dlink | 2 Dir-620, Dir-620 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | D-Link DIR-620 devices, with a certain Rostelekom variant of firmware 1.0.37, have a hardcoded rostel account, which makes it easier for remote attackers to obtain access via a TELNET session.
CVE-2018-5708 | 1 Dlink | 2 Dir-601, Dir-601 Firmware | 2024-11-21 | 6.1 MEDIUM | 8.0 HIGH | An issue was discovered on D-Link DIR-601 B1 2.02NA devices. A user on the same local network, but unauthenticated to the administrator's panel, can obtain the admin username and cleartext password in the response (specifically, the configuration file restore_default), which is displayed in XML.