Vulnerabilities (CVE)

Filtered by vendor Dlink Subscribe
Filtered by product Dir-850l
Total 29 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-5681 2 D-link, Dlink 20 Dir-817l\(w\) Firmware, Dir-818l\(w\) Firmware, Dir-823 Firmware and 17 more 2024-11-21 9.3 HIGH 9.8 CRITICAL
Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.07 before 2.07WWB05, DIR-817 Ax, DIR-818LW Bx before 2.05b03beta03, DIR-822 C1 3.01 before 3.01WWb02, DIR-823 A1 1.00 before 1.00WWb05, DIR-895L A1 1.11 before 1.11WWb04, DIR-890L A1 1.09 before 1.09b14, DIR-885L A1 1.11 before 1.11WWb07, DIR-880L A1 1.07 before 1.07WWb08, DIR-868L B1 2.03 before 2.03WWb01, and DIR-868L C1 3.00 before 3.00WWb01 devices allows remote attackers to execute arbitrary code via a long session cookie.
CVE-2023-49004 1 Dlink 2 Dir-850l, Dir-850l Firmware 2024-02-05 N/A 9.8 CRITICAL
An issue in D-Link DIR-850L v.B1_FW223WWb01 allows a remote attacker to execute arbitrary code via a crafted script to the en parameter.
CVE-2021-46379 1 Dlink 2 Dir-850l, Dir-850l Firmware 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted site.
CVE-2018-18907 1 Dlink 2 Dir-850l, Dir-850l Firmare 2024-02-04 5.0 MEDIUM 7.5 HIGH
An issue was discovered on D-Link DIR-850L 1.21WW devices. A partially completed WPA handshake is sufficient for obtaining full access to the wireless network. A client can access the network by sending packets on Data Frames to the AP without encryption.
CVE-2021-46378 1 Dlink 2 Dir-850l, Dir-850l Firmware 2024-02-04 5.0 MEDIUM 7.5 HIGH
DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download.
CVE-2019-7642 1 Dlink 10 Dir-816, Dir-816 Firmware, Dir-816l and 7 more 2024-02-04 5.0 MEDIUM 7.5 HIGH
D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10).
CVE-2016-6563 1 Dlink 18 Dir-818l\(w\), Dir-818l\(w\) Firmware, Dir-822 and 15 more 2024-02-04 10.0 HIGH 9.8 CRITICAL
Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L.
CVE-2018-20675 1 Dlink 8 Dir-822, Dir-822-us, Dir-822-us Firmware and 5 more 2024-02-04 7.5 HIGH 9.8 CRITICAL
D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authentication bypass.
CVE-2018-20674 1 Dlink 8 Dir-822, Dir-822-us, Dir-822-us Firmware and 5 more 2024-02-04 6.5 MEDIUM 8.8 HIGH
D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authenticated remote command execution.
CVE-2018-9032 1 Dlink 2 Dir-850l, Dir-850l Firmware 2024-02-04 7.5 HIGH 9.8 CRITICAL
An authentication bypass vulnerability on D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router (Hardware Version : A1, B1; Firmware Version : 1.02-2.06) devices potentially allows attackers to bypass SharePort Web Access Portal by directly visiting /category_view.php or /folder_view.php.
CVE-2017-14419 2 D-link, Dlink 2 Dir-850l Firmware, Dir-850l 2024-02-04 4.3 MEDIUM 5.9 MEDIUM
The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, participates in mydlink Cloud Services by establishing a TCP relay service for HTTP, even though a TCP relay service for HTTPS is also established.
CVE-2017-14418 2 D-link, Dlink 2 Dir-850l Firmware, Dir-850l 2024-02-04 4.3 MEDIUM 8.1 HIGH
The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices, sends the cleartext admin password over the Internet as part of interaction with mydlink Cloud Services.
CVE-2017-14430 2 D-link, Dlink 2 Dir-850l Firmware, Dir-850l 2024-02-04 5.0 MEDIUM 7.5 HIGH
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allow remote attackers to cause a denial of service (daemon crash) via crafted LAN traffic.
CVE-2017-14424 2 D-link, Dlink 2 Dir-850l Firmware, Dir-850l 2024-02-04 2.1 LOW 7.8 HIGH
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/passwd permissions.
CVE-2017-14415 2 D-link, Dlink 2 Dir-850l Firmware, Dir-850l 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/sitesurvey.php.
CVE-2017-14417 2 D-link, Dlink 2 Dir-850l Firmware, Dir-850l 2024-02-04 7.5 HIGH 9.8 CRITICAL
register_send.php on D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices does not require authentication, which can result in unintended enrollment in mydlink Cloud Services.
CVE-2017-14413 2 D-link, Dlink 2 Dir-850l Firmware, Dir-850l 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wpsacts.php.
CVE-2017-14427 2 D-link, Dlink 2 Dir-850l Firmware, Dir-850l 2024-02-04 2.1 LOW 7.8 HIGH
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/storage_account_root permissions.
CVE-2017-14428 2 D-link, Dlink 2 Dir-850l Firmware, Dir-850l 2024-02-04 2.1 LOW 7.8 HIGH
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/hostapd* permissions.
CVE-2017-14416 2 D-link, Dlink 2 Dir-850l Firmware, Dir-850l 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wandetect.php.