Filtered by vendor D-link
Subscribe
Total
157 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-14423 | 2 D-link, Dlink | 2 Dir-850l Firmware, Dir-850l | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices does not prevent unauthenticated nonce-guessing attacks, which makes it easier for remote attackers to change the DNS configuration via a series of requests. | |||||
| CVE-2017-14429 | 2 D-link, Dlink | 2 Dir-850l Firmware, Dir-850l | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| The DHCP client on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allows unauthenticated remote code execution as root because /etc/services/INET/inet_ipv4.php mishandles shell metacharacters, affecting generated files such as WAN-1-udhcpc.sh. | |||||
| CVE-2017-3192 | 2 D-link, Dlink | 4 Dir-130 Firmware, Dir-330 Firmware, Dir-130 and 1 more | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page (potentially through a authentication bypass such as CVE-2017-3191) may obtain administrator credentials for the device. | |||||
| CVE-2017-3191 | 2 D-link, Dlink | 4 Dir-130 Firmware, Dir-330 Firmware, Dir-130 and 1 more | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that can access the remote management login page can manipulate the POST request in such a manner as to access some administrator-only pages such as tools_admin.asp without credentials. | |||||
| CVE-2017-14421 | 2 D-link, Dlink | 2 Dir-850l Firmware, Dir-850l | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices have a hardcoded password of wrgac25_dlink.2013gui_dir850l for the Alphanetworks account upon device reset, which allows remote attackers to obtain root access via a TELNET session. | |||||
| CVE-2017-17065 | 1 D-link | 2 Dir-605l Model B, Dir-605l Model B Firmware | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered on D-Link DIR-605L Model B before FW2.11betaB06_hbrf devices, related to the code that handles the authentication values for HNAP. An attacker can cause a denial of service (device crash) or possibly have unspecified other impact by sending a sufficiently long string in the password field of the HTTP Basic Authentication section of the HTTP request. | |||||
| CVE-2017-14425 | 2 D-link, Dlink | 2 Dir-850l Firmware, Dir-850l | 2024-02-04 | 2.1 LOW | 7.8 HIGH |
| D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/etc/hnapasswd permissions. | |||||
| CVE-2015-1187 | 3 D-link, Dlink, Trendnet | 30 Dir-626l Firmware, Dir-636l Firmware, Dir-651 Firmware and 27 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp. | |||||
| CVE-2017-14422 | 2 D-link, Dlink | 2 Dir-850l Firmware, Dir-850l | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices use the same hardcoded /etc/stunnel.key private key across different customers' installations, which allows remote attackers to defeat the HTTPS cryptographic protection mechanisms by leveraging knowledge of this key from another installation. | |||||
| CVE-2017-10676 | 2 D-link, Dlink | 2 Dir-600m Firmware, Dir-600m | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| On D-Link DIR-600M devices before C1_v3.05ENB01_beta_20170306, XSS was found in the form2userconfig.cgi username parameter. | |||||
| CVE-2017-14414 | 2 D-link, Dlink | 2 Dir-850l Firmware, Dir-850l | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/shareport.php. | |||||
| CVE-2017-3193 | 2 D-link, Dlink | 2 Dir-850l Firmware, Dir-850l | 2024-02-04 | 8.3 HIGH | 8.8 HIGH |
| Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service. | |||||
| CVE-2017-7398 | 2 D-link, Dlink | 2 Dir-615 Firmware, Dir-615 | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. This enables an attacker to perform an unwanted action on a wireless router for which the user/admin is currently authenticated, as demonstrated by changing the Security option from WPA2 to None, or changing the hiddenSSID parameter, SSID parameter, or a security-option password. | |||||
| CVE-2015-7247 | 2 D-link, Dlink | 2 Dvg-n5402sp Firmware, Dvg-n5402sp | 2024-02-04 | 7.8 HIGH | 9.8 CRITICAL |
| D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2015-7245 | 2 D-link, Dlink | 2 Dvg-n5402sp Firmware, Dvg-n5402sp | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage parameter. | |||||
| CVE-2017-5633 | 2 D-link, Dlink | 2 Di-524 Firmware, Di-524 | 2024-02-04 | 8.5 HIGH | 8.0 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Link DI-524 Wireless Router with firmware 9.01 allow remote attackers to (1) change the admin password, (2) reboot the device, or (3) possibly have unspecified other impact via crafted requests to CGI programs. | |||||
| CVE-2016-1559 | 2 D-link, Dlink | 6 Dap-1353 H\/w B1 Firmware, Dap-2553 H\/w A1 Firmware, Dap-3520 H\/w A1 Firmware and 3 more | 2024-02-04 | 2.6 LOW | 8.1 HIGH |
| D-Link DAP-1353 H/W vers. B1 3.15 and earlier, D-Link DAP-2553 H/W ver. A1 1.31 and earlier, and D-Link DAP-3520 H/W ver. A1 1.16 and earlier reveal wireless passwords and administrative usernames and passwords over SNMP. | |||||
| CVE-2015-7246 | 2 D-link, Dlink | 2 Dvg-n5402sp Firmware, Dvg-n5402sp | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access. | |||||
| CVE-2017-5874 | 2 D-link, Dlink | 2 Dir-600m Firmware, Dir-600m | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF exists on D-Link DIR-600M Rev. Cx devices before v3.05ENB01_beta_20170306. This can be used to bypass authentication and insert XSS sequences or possibly have unspecified other impact. | |||||
| CVE-2016-5681 | 2 D-link, Dlink | 20 Dir-817l\(w\) Firmware, Dir-818l\(w\) Firmware, Dir-823 Firmware and 17 more | 2024-02-04 | 9.3 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.07 before 2.07WWB05, DIR-817 Ax, DIR-818LW Bx before 2.05b03beta03, DIR-822 C1 3.01 before 3.01WWb02, DIR-823 A1 1.00 before 1.00WWb05, DIR-895L A1 1.11 before 1.11WWb04, DIR-890L A1 1.09 before 1.09b14, DIR-885L A1 1.11 before 1.11WWb07, DIR-880L A1 1.07 before 1.07WWb08, DIR-868L B1 2.03 before 2.03WWb01, and DIR-868L C1 3.00 before 3.00WWb01 devices allows remote attackers to execute arbitrary code via a long session cookie. | |||||