dir815
by Dlink
CVEs (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-22651 | 0.06 | — | 0.73 | Jan 24, 2024 | There is a command injection vulnerability in the ssdpcgi_main function of cgibin binary in D-Link DIR-815 router firmware v1.04. | |||
| CVE-2023-51123 | 0.04 | — | 0.50 | Jan 10, 2024 | An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute arbitrary code via a crafted POST request to the service parameter in the soapcgi_main function of the cgibin binary component. | |||
| CVE-2024-0717 | 0.02 | — | 0.28 | Jan 19, 2024 | A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S,… | |||
| CVE-2014-8888 | 0.01 | — | 0.08 | Apr 12, 2018 | The remote administration interface in D-Link DIR-815 devices with firmware before 2.03.B02 allows remote attackers to execute arbitrary commands via vectors related to an "HTTP command injection issue." | |||
| CVE-2018-25115 | 0.00 | — | 0.01 | Aug 27, 2025 | Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication.… | |||
| CVE-2025-6328 | 0.00 | — | 0.01 | Jun 20, 2025 | A vulnerability was found in D-Link DIR-815 1.01. It has been declared as critical. This vulnerability affects the function sub_403794 of the file hedwig.cgi. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been… | |||
| CVE-2023-37758 | 0.00 | — | 0.00 | Jul 18, 2023 | D-LINK DIR-815 v1.01 was discovered to contain a buffer overflow via the component /web/captcha.cgi. | |||
| CVE-2018-10107 | 0.00 | — | 0.00 | Apr 16, 2018 | D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the RESULT parameter to /htdocs/webinc/js/info.php. | |||
| CVE-2018-10106 | 0.00 | — | 0.01 | Apr 16, 2018 | D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have permission bypass and information disclosure in /htdocs/web/getcfg.php, as demonstrated by a /getcfg.php?a=%0a_POST_SERVICES%3DDEVICE.ACCOUNT%0aAUTHORIZED_GROUP%3D1 request. | |||
| CVE-2018-10108 | 0.00 | — | 0.00 | Apr 16, 2018 | D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the Treturn parameter to /htdocs/webinc/js/bsc_sms_inbox.php. | |||
| CVE-2015-0151 | 0.00 | — | 0.00 | Apr 12, 2018 | Cross-site request forgery (CSRF) vulnerability in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | |||
| CVE-2015-0153 | 0.00 | — | 0.00 | Apr 12, 2018 | D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the wireless key. | |||
| CVE-2015-0152 | 0.00 | — | 0.01 | Apr 12, 2018 | D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the administrative password. | |||
| CVE-2015-0150 | 0.00 | — | 0.01 | Apr 12, 2018 | The remote administration UI in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to bypass intended access restrictions via unspecified vectors. |
- CVE-2024-22651Jan 24, 2024risk 0.06cvss —epss 0.73
There is a command injection vulnerability in the ssdpcgi_main function of cgibin binary in D-Link DIR-815 router firmware v1.04.
- CVE-2023-51123Jan 10, 2024risk 0.04cvss —epss 0.50
An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute arbitrary code via a crafted POST request to the service parameter in the soapcgi_main function of the cgibin binary component.
- CVE-2024-0717Jan 19, 2024risk 0.02cvss —epss 0.28
A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S,…
- CVE-2014-8888Apr 12, 2018risk 0.01cvss —epss 0.08
The remote administration interface in D-Link DIR-815 devices with firmware before 2.03.B02 allows remote attackers to execute arbitrary commands via vectors related to an "HTTP command injection issue."
- CVE-2018-25115Aug 27, 2025risk 0.00cvss —epss 0.01
Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication.…
- CVE-2025-6328Jun 20, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in D-Link DIR-815 1.01. It has been declared as critical. This vulnerability affects the function sub_403794 of the file hedwig.cgi. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been…
- CVE-2023-37758Jul 18, 2023risk 0.00cvss —epss 0.00
D-LINK DIR-815 v1.01 was discovered to contain a buffer overflow via the component /web/captcha.cgi.
- CVE-2018-10107Apr 16, 2018risk 0.00cvss —epss 0.00
D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the RESULT parameter to /htdocs/webinc/js/info.php.
- CVE-2018-10106Apr 16, 2018risk 0.00cvss —epss 0.01
D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have permission bypass and information disclosure in /htdocs/web/getcfg.php, as demonstrated by a /getcfg.php?a=%0a_POST_SERVICES%3DDEVICE.ACCOUNT%0aAUTHORIZED_GROUP%3D1 request.
- CVE-2018-10108Apr 16, 2018risk 0.00cvss —epss 0.00
D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the Treturn parameter to /htdocs/webinc/js/bsc_sms_inbox.php.
- CVE-2015-0151Apr 12, 2018risk 0.00cvss —epss 0.00
Cross-site request forgery (CSRF) vulnerability in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
- CVE-2015-0153Apr 12, 2018risk 0.00cvss —epss 0.00
D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the wireless key.
- CVE-2015-0152Apr 12, 2018risk 0.00cvss —epss 0.01
D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the administrative password.
- CVE-2015-0150Apr 12, 2018risk 0.00cvss —epss 0.01
The remote administration UI in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to bypass intended access restrictions via unspecified vectors.