Filtered by vendor Dlink
Subscribe
Total
841 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-9376 | 1 Dlink | 2 Dir-610, Dir-610 Firmware | 2024-08-04 | 5.0 MEDIUM | 7.5 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-610 devices allow Information Disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 to getcfg.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2021-41504 | 1 Dlink | 4 Dcs-5000l, Dcs-5000l Firmware, Dcs-932l and 1 more | 2024-08-04 | 5.2 MEDIUM | 8.0 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. The use of the digest-authentication for the devices command interface may allow further attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2021-41503 | 2 D-link, Dlink | 4 Dcs-5000l Firmware, Dcs-5000l, Dcs-932l and 1 more | 2024-08-04 | 5.2 MEDIUM | 8.0 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2021-39615 | 1 Dlink | 2 Dsr-500n, Dsr-500n Firmware | 2024-08-04 | 10.0 HIGH | 9.8 CRITICAL |
| ** UNSUPPORTED WHEN ASSIGNED ** D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain access to the underlying embedded Linux operating system on the device. Fixed in version 2.12/2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2021-39613 | 1 Dlink | 2 Dvg-3104ms, Dvg-3104ms Firmware | 2024-08-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| ** UNSUPPORTED WHEN ASSIGNED ** D-Link DVG-3104MS version 1.0.2.0.3, 1.0.2.0.4, and 1.0.2.0.4E contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2021-29379 | 1 Dlink | 2 Dir-802, Dir-802 Firmware | 2024-08-03 | 5.8 MEDIUM | 8.8 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered on D-Link DIR-802 A1 devices through 1.00b05. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2021-29296 | 1 Dlink | 2 Dir-825, Dir-825 Firmware | 2024-08-03 | 5.0 MEDIUM | 7.5 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED **Null Pointer Dereference vulnerability in D-Link DIR-825 2.10b02, which could let a remote malicious user cause a denial of service. The vulnerability could be triggered by sending an HTTP request with URL /vct_wan; the sbin/httpd would invoke the strchr function and take NULL as a first argument, which finally leads to the segmentation fault. NOTE: The DIR-825 and all hardware revisions is considered End of Life and as such this issue will not be patched. | |||||
| CVE-2021-29295 | 1 Dlink | 2 Dsp-w215, Dsp-w215 Firmware | 2024-08-03 | 5.0 MEDIUM | 7.5 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED **Null Pointer Dereference vulnerability exists in D-Link DSP-W215 1.10, which could let a remote malicious user cause a denial of servie via usr/bin/lighttpd. It could be triggered by sending an HTTP request without URL in the start line directly to the device. NOTE: The DSP-W215 and all hardware revisions is considered End of Life and as such this issue will not be patched. | |||||
| CVE-2021-29294 | 1 Dlink | 2 Dsl-2740r, Dsl-2740r Firmware | 2024-08-03 | 5.0 MEDIUM | 7.5 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** Null Pointer Dereference vulnerability exists in D-Link DSL-2740R UK_1.01, which could let a remove malicious user cause a denial of service via the send_hnap_unauthorized function. It could be triggered by sending crafted POST request to /HNAP1/. NOTE: The DSL-2740R and all hardware revisions are considered End of Life and as such this issue will not be patched. | |||||
| CVE-2021-3182 | 1 Dlink | 2 Dcs-5220, Dcs-5220 Firmware | 2024-08-03 | 7.7 HIGH | 8.0 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** D-Link DCS-5220 devices have a buffer overflow. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2023-36092 | 1 Dlink | 2 Dir-859, Dir-859 Firmware | 2024-08-02 | N/A | 9.8 CRITICAL |
| ** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-859 FW105b03 allows remote attackers to gain escalated privileges via via phpcgi_main. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2023-36090 | 1 Dlink | 2 Dir-885l, Dir-885l Firmware | 2024-08-02 | N/A | 9.8 CRITICAL |
| ** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-885L FW102b01 allows remote attackers to gain escalated privileges via phpcgi. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2023-36089 | 1 Dlink | 2 Dir-645, Dir-645 Firmware | 2024-08-02 | N/A | 9.8 CRITICAL |
| ** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2023-29856 | 1 Dlink | 2 Dir-868l, Dir-868l Firmware | 2024-08-02 | N/A | 9.8 CRITICAL |
| ** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-868L Hardware version A1, firmware version 1.12 is vulnerable to Buffer Overflow. The vulnerability is in scandir.sgi binary. | |||||
| CVE-2023-5322 | 1 Dlink | 2 Dar-7000, Dar-7000 Firmware | 2024-08-02 | 5.8 MEDIUM | 8.8 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231. It has been rated as critical. Affected by this issue is some unknown functionality of the file /sysmanage/edit_manageadmin.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240992. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. | |||||
| CVE-2023-5154 | 1 Dlink | 2 Dar-8000, Dar-8000 Firmware | 2024-08-02 | 6.5 MEDIUM | 8.8 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-8000 up to 20151231 and classified as critical. This vulnerability affects unknown code of the file /sysmanage/changelogo.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-240250 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. | |||||
| CVE-2023-5153 | 1 Dlink | 2 Dar-7000, Dar-7000 Firmware | 2024-08-02 | 6.5 MEDIUM | 6.5 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DAR-8000 up to 20151231. This affects an unknown part of the file /Tool/querysql.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240249 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. | |||||
| CVE-2023-5152 | 1 Dlink | 2 Dar-8000, Dar-8000 Firmware | 2024-08-02 | 6.5 MEDIUM | 6.5 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-7000 and DAR-8000 up to 20151231. Affected by this issue is some unknown functionality of the file /importexport.php. The manipulation of the argument sql leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240248. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. | |||||
| CVE-2023-5151 | 1 Dlink | 2 Dar-8000, Dar-8000 Firmware | 2024-08-02 | 6.5 MEDIUM | 8.8 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in D-Link DAR-8000 up to 20151231. Affected by this vulnerability is an unknown functionality of the file /autheditpwd.php. The manipulation of the argument hid_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240247. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. | |||||
| CVE-2023-5150 | 1 Dlink | 4 Dar-7000, Dar-7000 Firmware, Dar-8000 and 1 more | 2024-08-02 | 6.5 MEDIUM | 8.8 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in D-Link DAR-7000 and DAR-8000 up to 20151231. Affected is an unknown function of the file /useratte/web.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-240246 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. | |||||