Vulnerabilities (CVE)

Filtered by vendor Dlink Subscribe
Total 1263 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-5371 2 D-link, Dlink 4 Dsl-2540u Firmware, Dsl-2640u Firmware, Dsl-2540u and 1 more 2024-11-21 9.0 HIGH 8.8 HIGH
diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ME_1.00, and DSL-2540U devices with firmware ME_1.00, allows authenticated remote attackers to execute arbitrary OS commands via shell metacharacters in the ipaddr field of an HTTP GET request.
CVE-2018-20675 1 Dlink 8 Dir-822, Dir-822-us, Dir-822-us Firmware and 5 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authentication bypass.
CVE-2018-20674 1 Dlink 8 Dir-822, Dir-822-us, Dir-822-us Firmware and 5 more 2024-11-21 6.5 MEDIUM 8.8 HIGH
D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authenticated remote command execution.
CVE-2018-20445 1 Dlink 4 Dcm-604, Dcm-604 Firmware, Dcm-704 and 1 more 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.32 and iso.3.6.1.4.1.4413.2.2.2.1.5.4.2.4.1.2.32 SNMP requests.
CVE-2018-20432 1 Dlink 4 Covr-2600r, Covr-2600r Firmware, Covr-3902 and 1 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract sensitive data or modify the configuration.
CVE-2018-20389 2 D-link, Dlink 4 Dcm-604 Firmware, Dcm-704 Firmware, Dcm-604 and 1 more 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
CVE-2018-20305 2 D-link, Dlink 2 Dir-816 A2 Firmware, Dir-816 A2 2024-11-21 7.5 HIGH 9.8 CRITICAL
D-Link DIR-816 A2 1.10 B05 devices allow arbitrary remote code execution without authentication via the newpass parameter. In the /goform/form2userconfig.cgi handler function, a long password may lead to a stack-based buffer overflow and overwrite a return address.
CVE-2018-20114 1 Dlink 4 Dir-818lw, Dir-818lw Firmware, Dir-860l and 1 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices, unauthenticated remote OS command execution can occur in the soap.cgi service of the cgibin binary via an "&&" substring in the service parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-6530.
CVE-2018-20057 2 D-link, Dlink 4 Dir-605l Firmware, Dir-619l Firmware, Dir-605l and 1 more 2024-11-21 9.0 HIGH 8.8 HIGH
An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. goform/formSysCmd allows remote authenticated users to execute arbitrary OS commands via the sysCmd POST parameter.
CVE-2018-20056 2 D-link, Dlink 4 Dir-605l Firmware, Dir-619l Firmware, Dir-605l and 1 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. There is a stack-based buffer overflow allowing remote attackers to execute arbitrary code without authentication via the goform/formLanguageChange currTime parameter.
CVE-2018-19990 2 D-link, Dlink 2 Dir-822 Firmware, Dir-822 2024-11-21 10.0 HIGH 9.8 CRITICAL
In the /HNAP1/SetWiFiVerifyAlpha message, the WPSPIN parameter is vulnerable, and the vulnerability affects D-Link DIR-822 B1 202KRb06 devices. In the SetWiFiVerifyAlpha.php source code, the WPSPIN parameter is saved in the $rphyinf1."/media/wps/enrollee/pin" and $rphyinf2."/media/wps/enrollee/pin" and $rphyinf3."/media/wps/enrollee/pin" internal configuration memory without any regex checking. And in the do_wps function of the wps.php source code, the data in $rphyinf3."/media/wps/enrollee/pin" is used with the wpatalk command without any regex checking. A vulnerable /HNAP1/SetWiFiVerifyAlpha XML message could have shell metacharacters in the WPSPIN element such as the `telnetd` string.
CVE-2018-19989 2 D-link, Dlink 3 Dir-822 Firmware, Dir-822, Dir-822 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
In the /HNAP1/SetQoSSettings message, the uplink parameter is vulnerable, and the vulnerability affects D-Link DIR-822 Rev.B 202KRb06 and DIR-822 Rev.C 3.10B06 devices. In the SetQoSSettings.php source code, the uplink parameter is saved in the /bwc/entry:1/bandwidth and /bwc/entry:2/bandwidth internal configuration memory without any regex checking. And in the bwc_tc_spq_start, bwc_tc_wfq_start, and bwc_tc_adb_start functions of the bwcsvcs.php source code, the data in /bwc/entry:1/bandwidth and /bwc/entry:2/bandwidth is used with the tc command without any regex checking. A vulnerable /HNAP1/SetQoSSettings XML message could have shell metacharacters in the uplink element such as the `telnetd` string.
CVE-2018-19988 2 D-link, Dlink 2 Dir-868l Firmware, Dir-868l 2024-11-21 7.5 HIGH 9.8 CRITICAL
In the /HNAP1/SetClientInfoDemo message, the AudioMute and AudioEnable parameters are vulnerable, and the vulnerabilities affect D-Link DIR-868L Rev.B 2.05B02 devices. In the SetClientInfoDemo.php source code, the AudioMute and AudioEnble parameters are saved in the ShellPath script file without any regex checking. After the script file is executed, the command injection occurs. It needs to bypass the wget command option with a single quote. A vulnerable /HNAP1/SetClientInfoDemo XML message could have single quotes and backquotes in the AudioMute or AudioEnable element, such as the '`telnetd`' string.
CVE-2018-19987 2 D-link, Dlink 13 Dir-818lw Firmware, Dir-822 Firmware, Dir-860l Firmware and 10 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA devices mishandle IsAccessPoint in /HNAP1/SetAccessPointMode. In the SetAccessPointMode.php source code, the IsAccessPoint parameter is saved in the ShellPath script file without any regex checking. After the script file is executed, the command injection occurs. A vulnerable /HNAP1/SetAccessPointMode XML message could have shell metacharacters in the IsAccessPoint element such as the `telnetd` string.
CVE-2018-19986 2 D-link, Dlink 4 Dir-818lw Firmware, Dir-822 Firmware, Dir-818lw and 1 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
In the /HNAP1/SetRouterSettings message, the RemotePort parameter is vulnerable, and the vulnerability affects D-Link DIR-818LW Rev.A 2.05.B03 and DIR-822 B1 202KRb06 devices. In the SetRouterSettings.php source code, the RemotePort parameter is saved in the $path_inf_wan1."/web" internal configuration memory without any regex checking. And in the IPTWAN_build_command function of the iptwan.php source code, the data in $path_inf_wan1."/web" is used with the iptables command without any regex checking. A vulnerable /HNAP1/SetRouterSettings XML message could have shell metacharacters in the RemotePort element such as the `telnetd` string.
CVE-2018-19300 2 D-link, Dlink 17 Dap-1530 Firmware, Dap-1610 Firmware, Dwr-116 Firmware and 14 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
On D-Link DAP-1530 (A1) before firmware version 1.06b01, DAP-1610 (A1) before firmware version 1.06b01, DWR-111 (A1) before firmware version 1.02v02, DWR-116 (A1) before firmware version 1.06b03, DWR-512 (B1) before firmware version 2.02b01, DWR-711 (A1) through firmware version 1.11, DWR-712 (B1) before firmware version 2.04b01, DWR-921 (A1) before firmware version 1.02b01, and DWR-921 (B1) before firmware version 2.03b01, there exists an EXCU_SHELL file in the web directory. By sending a GET request with specially crafted headers to the /EXCU_SHELL URI, an attacker could execute arbitrary shell commands in the root context on the affected device. Other devices might be affected as well.
CVE-2018-18907 1 Dlink 2 Dir-850l, Dir-850l Firmare 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered on D-Link DIR-850L 1.21WW devices. A partially completed WPA handshake is sufficient for obtaining full access to the wireless network. A client can access the network by sending packets on Data Frames to the AP without encryption.
CVE-2018-18767 2 D-link, Dlink 3 Dcs-825l Firmware, Dcs-825l, Mydlink Baby Camera Monitor 2024-11-21 1.9 LOW 7.0 HIGH
An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06. Whenever actions are performed from the app (e.g., change camera settings or play lullabies), it communicates directly with the Wi-Fi camera (D-Link 825L firmware 1.08) with the credentials (username and password) in base64 cleartext. An attacker could conduct an MitM attack on the local network and very easily obtain these credentials.
CVE-2018-18636 2 D-link, Dlink 2 Dsl-2640t Firmware, Dsl-2640t 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
XSS exists in cgi-bin/webcm on D-link DSL-2640T routers via the var:RelaodHref or var:conid parameter.
CVE-2018-18442 2 D-link, Dlink 2 Dcs-825l Firmware, Dcs-825l 2024-11-21 7.8 HIGH 7.5 HIGH
D-Link DCS-825L devices with firmware 1.08 do not employ a suitable mechanism to prevent denial-of-service (DoS) attacks. An attacker can harm the device availability (i.e., live-online video/audio streaming) by using the hping3 tool to perform an IPv4 flood attack. Verified attacks includes SYN flooding, UDP flooding, ICMP flooding, and SYN-ACK flooding.