DIR-655C
by Dlink
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-16920 | 0.20 | — | 1.00 | KEV | Sep 27, 2019 | Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who… | ||
| CVE-2019-13561 | 0.02 | — | 0.08 | Jul 11, 2019 | D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to execute arbitrary commands via shell metacharacters in the online_firmware_check.cgi check_fw_url parameter. | |||
| CVE-2019-13563 | 0.00 | — | 0.01 | Jul 11, 2019 | D-Link DIR-655 C devices before 3.02B05 BETA03 allow CSRF for the entire management console. | |||
| CVE-2019-13562 | 0.00 | — | 0.02 | Jul 11, 2019 | D-Link DIR-655 C devices before 3.02B05 BETA03 allow XSS, as demonstrated by the /www/ping_response.cgi ping_ipaddr parameter, the /www/ping6_response.cgi ping6_ipaddr parameter, and the /www/apply_sec.cgi html_response_return_page parameter. | |||
| CVE-2019-13560 | 0.00 | — | 0.04 | Jul 11, 2019 | D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to force a blank password via the apply_sec.cgi setup_wizard parameter. | |||
| CVE-2014-9518 | 0.00 | — | 0.01 | Jan 5, 2015 | Cross-site scripting (XSS) vulnerability in login.cgi in D-Link router DIR-655 (rev Bx) with firmware before 2.12b01 allows remote attackers to inject arbitrary web script or HTML via the html_response_page parameter. |
- risk 0.20cvss —epss 1.00
Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who…
- CVE-2019-13561Jul 11, 2019risk 0.02cvss —epss 0.08
D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to execute arbitrary commands via shell metacharacters in the online_firmware_check.cgi check_fw_url parameter.
- CVE-2019-13563Jul 11, 2019risk 0.00cvss —epss 0.01
D-Link DIR-655 C devices before 3.02B05 BETA03 allow CSRF for the entire management console.
- CVE-2019-13562Jul 11, 2019risk 0.00cvss —epss 0.02
D-Link DIR-655 C devices before 3.02B05 BETA03 allow XSS, as demonstrated by the /www/ping_response.cgi ping_ipaddr parameter, the /www/ping6_response.cgi ping6_ipaddr parameter, and the /www/apply_sec.cgi html_response_return_page parameter.
- CVE-2019-13560Jul 11, 2019risk 0.00cvss —epss 0.04
D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to force a blank password via the apply_sec.cgi setup_wizard parameter.
- CVE-2014-9518Jan 5, 2015risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in login.cgi in D-Link router DIR-655 (rev Bx) with firmware before 2.12b01 allows remote attackers to inject arbitrary web script or HTML via the html_response_page parameter.