Vulnerabilities (CVE)

Filtered by vendor D-link
Total 158 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-45784 1 D-link 4 Dph-400s, Dph-400s Firmware, Dph-400se and 1 more 2025-06-26 N/A 9.8 CRITICAL
D-Link DPH-400S/SE VoIP Phone v1.01 contains hardcoded provisioning variables, including PROVIS_USER_PASSWORD, which may expose sensitive user credentials. An attacker with access to the firmware image can extract these credentials using static analysis tools such as strings or xxd, potentially leading to unauthorized access to device functions or user accounts. This vulnerability exists due to insecure storage of sensitive information in the firmware binary.
CVE-2017-14429 2 D-link, Dlink 2 Dir-850l Firmware, Dir-850l 2025-05-06 10.0 HIGH 9.8 CRITICAL
The DHCP client on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allows unauthenticated remote code execution as root because /etc/services/INET/inet_ipv4.php mishandles shell metacharacters, affecting generated files such as WAN-1-udhcpc.sh.
CVE-2022-44929 1 D-link 2 Dvg-g5402sp, Dvg-g5402sp Firmware 2025-04-24 N/A 9.8 CRITICAL
An access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthenticated attackers to escalate privileges via arbitrarily editing VoIP SIB profiles.
CVE-2022-44928 1 D-link 2 Dvg-g5402sp, Dvg-g5402sp Firmware 2025-04-24 N/A 9.8 CRITICAL
D-Link DVG-G5402SP GE_1.03 was discovered to contain a command injection vulnerability via the Maintenance function.
CVE-2017-12943 2 D-link, Dlink 2 Dir-600 B1 Firmware, Dir-600 B1 2025-04-20 5.0 MEDIUM 9.8 CRITICAL
D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password.
CVE-2017-14419 2 D-link, Dlink 2 Dir-850l Firmware, Dir-850l 2025-04-20 4.3 MEDIUM 5.9 MEDIUM
The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, participates in mydlink Cloud Services by establishing a TCP relay service for HTTP, even though a TCP relay service for HTTPS is also established.
CVE-2017-14418 2 D-link, Dlink 2 Dir-850l Firmware, Dir-850l 2025-04-20 4.3 MEDIUM 8.1 HIGH
The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices, sends the cleartext admin password over the Internet as part of interaction with mydlink Cloud Services.
CVE-2014-7858 2 D-link, Dlink 2 Dnr-326 Firmware, Dnr-326 2025-04-20 10.0 HIGH 9.8 CRITICAL
The check_login function in D-Link DNR-326 before 2.10 build 03 allows remote attackers to bypass authentication and log in by setting the username cookie parameter to an arbitrary string.
CVE-2017-14430 2 D-link, Dlink 2 Dir-850l Firmware, Dir-850l 2025-04-20 5.0 MEDIUM 7.5 HIGH
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allow remote attackers to cause a denial of service (daemon crash) via crafted LAN traffic.
CVE-2017-7398 2 D-link, Dlink 2 Dir-615 Firmware, Dir-615 2025-04-20 6.8 MEDIUM 8.8 HIGH
D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF). This enables an attacker to perform an unwanted action on a wireless router for which the user/admin is currently authenticated, as demonstrated by changing the Security option from WPA2 to None, or changing the hiddenSSID parameter, SSID parameter, or a security-option password.
CVE-2017-14424 2 D-link, Dlink 2 Dir-850l Firmware, Dir-850l 2025-04-20 2.1 LOW 7.8 HIGH
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/passwd permissions.
CVE-2017-14415 2 D-link, Dlink 2 Dir-850l Firmware, Dir-850l 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/sitesurvey.php.
CVE-2017-7851 2 D-link, Dlink 2 Dcs-936l, Dcs-936l 2025-04-20 6.8 MEDIUM 8.8 HIGH
D-Link DCS-936L devices with firmware before 1.05.07 have an inadequate CSRF protection mechanism that requires the device's IP address to be a substring of the HTTP Referer header.
CVE-2017-14417 2 D-link, Dlink 2 Dir-850l Firmware, Dir-850l 2025-04-20 7.5 HIGH 9.8 CRITICAL
register_send.php on D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices does not require authentication, which can result in unintended enrollment in mydlink Cloud Services.
CVE-2017-14413 2 D-link, Dlink 2 Dir-850l Firmware, Dir-850l 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wpsacts.php.
CVE-2014-7860 2 D-link, Dlink 4 Dns-320l Firmware, Dns-327l Firmware, Dns-320l and 1 more 2025-04-20 5.0 MEDIUM 5.3 MEDIUM
The web/web_file/fb_publish.php script in D-Link DNS-320L before 1.04b12 and DNS-327L before 1.03b04 Build0119 does not authenticate requests, which allows remote attackers to obtain arbitrary photos and publish them to an arbitrary Facebook profile via a target album_id and access_token.
CVE-2017-14427 2 D-link, Dlink 2 Dir-850l Firmware, Dir-850l 2025-04-20 2.1 LOW 7.8 HIGH
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/storage_account_root permissions.
CVE-2015-7247 2 D-link, Dlink 2 Dvg-n5402sp Firmware, Dvg-n5402sp 2025-04-20 7.8 HIGH 9.8 CRITICAL
D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive information.
CVE-2015-7245 2 D-link, Dlink 2 Dvg-n5402sp Firmware, Dvg-n5402sp 2025-04-20 5.0 MEDIUM 7.5 HIGH
Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage parameter.
CVE-2014-7859 2 D-link, Dlink 10 Dnr-320l Firmware, Dnr-326 Firmware, Dns-320lw Firmware and 7 more 2025-04-20 7.5 HIGH 9.8 CRITICAL
Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build 03, and DNS-327L before 1.04b01 allows remote attackers to execute arbitrary code by crafting malformed "Host" and "Referer" header values.