Filtered by vendor Dlink
Subscribe
Total
719 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-42159 | 1 Dlink | 6 Covr 1200, Covr 1200 Firmware, Covr 1202 and 3 more | 2024-02-04 | N/A | 4.3 MEDIUM |
D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random Number Generator. | |||||
CVE-2022-36619 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-02-04 | N/A | 7.5 HIGH |
In D-link DIR-816 A2_v1.10CNB04.img,the network can be reset without authentication via /goform/setMAC. | |||||
CVE-2020-21016 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2024-02-04 | N/A | 9.8 CRITICAL |
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary code as root via HNAP1/control/SetGuestWLanSettings.php. | |||||
CVE-2022-36523 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2024-02-04 | N/A | 9.8 CRITICAL |
D-Link Go-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to command injection via /htdocs/upnpinc/gena.php. | |||||
CVE-2022-43002 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-02-04 | N/A | 9.8 CRITICAL |
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep54_pskpwd parameter at /goform/form2WizardStep54. | |||||
CVE-2022-43184 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2024-02-04 | N/A | 9.8 CRITICAL |
D-Link DIR878 1.30B08 Hotfix_04 was discovered to contain a command injection vulnerability via the component /bin/proc.cgi. | |||||
CVE-2022-37056 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2024-02-04 | N/A | 9.8 CRITICAL |
D-Link GO-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 is vulnerable to Command Injection via /cgibin, hnap_main, | |||||
CVE-2022-37057 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2024-02-04 | N/A | 9.8 CRITICAL |
D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Command Injection via cgibin, ssdpcgi_main. | |||||
CVE-2022-35619 | 1 Dlink | 2 Dir-818l, Dir-818l Firmware | 2024-02-04 | N/A | 9.8 CRITICAL |
D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function ssdpcgi_main. | |||||
CVE-2022-36588 | 1 Dlink | 2 Dap-1650, Dap-1650 Firmware | 2024-02-04 | N/A | 9.8 CRITICAL |
In D-Link DAP1650 v1.04 firmware, the fileaccess.cgi program in the firmware has a buffer overflow vulnerability caused by strncpy. | |||||
CVE-2022-36526 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2024-02-04 | N/A | 7.5 HIGH |
D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Authentication Bypass via function phpcgi_main in cgibin. | |||||
CVE-2022-38258 | 1 Dlink | 2 Dir-819, Dir-819 Firmware | 2024-02-04 | N/A | 8.1 HIGH |
A local file inclusion (LFI) vulnerability in D-Link DIR 819 v1.06 allows attackers to cause a Denial of Service (DoS) or access sensitive server information via manipulation of the getpage parameter in a crafted web request. | |||||
CVE-2022-37128 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-02-04 | N/A | 9.8 CRITICAL |
In D-Link DIR-816 A2_v1.10CNB04.img the network can be initialized without authentication via /goform/wizard_end. | |||||
CVE-2022-37133 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-02-04 | N/A | 7.5 HIGH |
D-link DIR-816 A2_v1.10CNB04.img reboots the router without authentication via /goform/doReboot. No authentication is required, and reboot is executed when the function returns at the end. | |||||
CVE-2022-37123 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-02-04 | N/A | 8.8 HIGH |
D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/form2userconfig.cgi. | |||||
CVE-2022-34973 | 1 Dlink | 2 Dir820la1, Dir820la1 Firmware | 2024-02-04 | N/A | 7.5 HIGH |
D-Link DIR820LA1_FW106B02 was discovered to contain a buffer overflow via the nextPage parameter at ping.ccp. | |||||
CVE-2022-43109 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-02-04 | N/A | 9.8 CRITICAL |
D-Link DIR-823G v1.0.2 was found to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via a crafted packet. | |||||
CVE-2022-36524 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2024-02-04 | N/A | 7.5 HIGH |
D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Static Default Credentials via /etc/init0.d/S80telnetd.sh. | |||||
CVE-2022-37129 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-02-04 | N/A | 8.8 HIGH |
D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command Injection via /goform/SystemCommand. After the user passes in the command parameter, it will be spliced into byte_4836B0 by snprintf, and finally doSystem(&byte_4836B0); will be executed, resulting in a command injection. | |||||
CVE-2022-42161 | 1 Dlink | 6 Covr 1200, Covr 1200 Firmware, Covr 1202 and 3 more | 2024-02-04 | N/A | 8.8 HIGH |
D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the /SetTriggerWPS/PIN parameter at function SetTriggerWPS. |