DIR878

CVEs (50)

CVE	Vendor / Product	Risk	CVSS	EPSS	Published	Description
CVE-2024-0717	Dlink Dir 615	0.02	—	0.28	Jan 19, 2024	A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S,…
CVE-2022-48108	Dlink DIR878	0.02	—	0.22	Jan 27, 2023	D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /SetNetworkSettings/SubnetMask. This vulnerability allows attackers to escalate privileges to root via a crafted payload.
CVE-2022-37130	Dlink DIR-816	0.02	—	0.30	Aug 31, 2022	In D-Link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img a command injection vulnerability occurs in /goform/Diagnosis, after the condition is met, setnum will be spliced into v10 by snprintf, and the system will be executed, resulting in a command injection vulnerability
CVE-2022-43184	Dlink DIR878	0.01	—	0.08	Oct 19, 2022	D-Link DIR878 1.30B08 Hotfix_04 was discovered to contain a command injection vulnerability via the component /bin/proc.cgi.
CVE-2021-44880	Dlink DIR878	0.01	—	0.17	Feb 4, 2022	D-Link devices DIR_878 DIR_878_FW1.30B08_Hotfix_02 and DIR_882 DIR_882_FW1.30B06_Hotfix_02 were discovered to contain a command injection vulnerability in the system function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request.
CVE-2021-44882	Dlink DIR878	0.01	—	0.09	Feb 4, 2022	D-Link device DIR_878_FW1.30B08_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request.
CVE-2020-15633	Dlink DIR-867	0.01	—	0.08	Jul 23, 2020	This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.20B10_BETA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the…
CVE-2020-8864	Dlink DIR-867	0.01	—	0.12	Mar 23, 2020	This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability. The specific flaw exists within the…
CVE-2025-0481	Dlink DIR878	0.00	—	0.01	Jan 15, 2025	A vulnerability classified as problematic has been found in D-Link DIR-878 1.03. Affected is an unknown function of the file /dllog.cgi of the component HTTP POST Request Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The…
CVE-2024-48635	Dlink DIR878	0.00	—	0.01	Oct 17, 2024	D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:2/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
CVE-2024-48632	Dlink DIR878	0.00	—	0.00	Oct 17, 2024	D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the LocalIPAddress, TCPPorts, and UDPPorts parameters in the SetPortForwardingSettings function. This vulnerability allows attackers to execute…
CVE-2024-48629	Dlink DIR878	0.00	—	0.01	Oct 17, 2024	D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the IPAddress parameter in the SetGuestZoneRouterSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST…
CVE-2024-48637	Dlink DIR878	0.00	—	0.01	Oct 17, 2024	D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:1/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
CVE-2024-48636	Dlink DIR878	0.00	—	0.01	Oct 17, 2024	D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:0/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
CVE-2024-48630	Dlink DIR878	0.00	—	0.00	Oct 17, 2024	D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the MacAddress parameter in the SetMACFilters2 function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
CVE-2024-48634	Dlink DIR878	0.00	—	0.03	Oct 17, 2024	D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the key parameter in the SetWLanRadioSecurity function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
CVE-2024-48633	Dlink DIR878	0.00	—	0.00	Oct 17, 2024	D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the ExternalPort, InternalPort, ProtocolNumber, and LocalIPAddress parameters in the SetVirtualServerSettings function. This vulnerability allows…
CVE-2024-48631	Dlink DIR878	0.00	—	0.01	Oct 17, 2024	D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the SSID parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
CVE-2024-48638	Dlink DIR878	0.00	—	0.01	Oct 17, 2024	D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the SubnetMask parameter in the SetGuestZoneRouterSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST…
CVE-2023-30061	Dlink DIR878	0.00	—	0.01	May 1, 2023	D-Link DIR-879 v105A1 is vulnerable to Authentication Bypass via phpcgi.

CVE-2024-0717Jan 19, 2024
Dlink
Dir 615
risk 0.02cvss —epss 0.28
A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S,…
CVE-2022-48108Jan 27, 2023
Dlink
DIR878
risk 0.02cvss —epss 0.22
D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /SetNetworkSettings/SubnetMask. This vulnerability allows attackers to escalate privileges to root via a crafted payload.
CVE-2022-37130Aug 31, 2022
Dlink
DIR-816
risk 0.02cvss —epss 0.30
In D-Link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img a command injection vulnerability occurs in /goform/Diagnosis, after the condition is met, setnum will be spliced into v10 by snprintf, and the system will be executed, resulting in a command injection vulnerability
CVE-2022-43184Oct 19, 2022
Dlink
DIR878
risk 0.01cvss —epss 0.08
D-Link DIR878 1.30B08 Hotfix_04 was discovered to contain a command injection vulnerability via the component /bin/proc.cgi.
CVE-2021-44880Feb 4, 2022
Dlink
DIR878
risk 0.01cvss —epss 0.17
D-Link devices DIR_878 DIR_878_FW1.30B08_Hotfix_02 and DIR_882 DIR_882_FW1.30B06_Hotfix_02 were discovered to contain a command injection vulnerability in the system function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request.
CVE-2021-44882Feb 4, 2022
Dlink
DIR878
risk 0.01cvss —epss 0.09
D-Link device DIR_878_FW1.30B08_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request.
CVE-2020-15633Jul 23, 2020
Dlink
DIR-867
risk 0.01cvss —epss 0.08
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.20B10_BETA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the…
CVE-2020-8864Mar 23, 2020
Dlink
DIR-867
risk 0.01cvss —epss 0.12
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability. The specific flaw exists within the…
CVE-2025-0481Jan 15, 2025
Dlink
DIR878
risk 0.00cvss —epss 0.01
A vulnerability classified as problematic has been found in D-Link DIR-878 1.03. Affected is an unknown function of the file /dllog.cgi of the component HTTP POST Request Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The…
CVE-2024-48635Oct 17, 2024
Dlink
DIR878
risk 0.00cvss —epss 0.01
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:2/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
CVE-2024-48632Oct 17, 2024
Dlink
DIR878
risk 0.00cvss —epss 0.00
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the LocalIPAddress, TCPPorts, and UDPPorts parameters in the SetPortForwardingSettings function. This vulnerability allows attackers to execute…
CVE-2024-48629Oct 17, 2024
Dlink
DIR878
risk 0.00cvss —epss 0.01
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the IPAddress parameter in the SetGuestZoneRouterSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST…
CVE-2024-48637Oct 17, 2024
Dlink
DIR878
risk 0.00cvss —epss 0.01
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:1/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
CVE-2024-48636Oct 17, 2024
Dlink
DIR878
risk 0.00cvss —epss 0.01
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:0/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
CVE-2024-48630Oct 17, 2024
Dlink
DIR878
risk 0.00cvss —epss 0.00
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the MacAddress parameter in the SetMACFilters2 function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
CVE-2024-48634Oct 17, 2024
Dlink
DIR878
risk 0.00cvss —epss 0.03
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the key parameter in the SetWLanRadioSecurity function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
CVE-2024-48633Oct 17, 2024
Dlink
DIR878
risk 0.00cvss —epss 0.00
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the ExternalPort, InternalPort, ProtocolNumber, and LocalIPAddress parameters in the SetVirtualServerSettings function. This vulnerability allows…
CVE-2024-48631Oct 17, 2024
Dlink
DIR878
risk 0.00cvss —epss 0.01
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the SSID parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
CVE-2024-48638Oct 17, 2024
Dlink
DIR878
risk 0.00cvss —epss 0.01
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the SubnetMask parameter in the SetGuestZoneRouterSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST…
CVE-2023-30061May 1, 2023
Dlink
DIR878
risk 0.00cvss —epss 0.01
D-Link DIR-879 v105A1 is vulnerable to Authentication Bypass via phpcgi.

Page 1 of 3