DSL-224
by Dlink
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-0717 | 0.02 | — | 0.18 | Jan 19, 2024 | A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S,… | |||
| CVE-2024-38438 | 0.00 | — | 0.01 | Jul 21, 2024 | D-Link - CWE-294: Authentication Bypass by Capture-replay | |||
| CVE-2024-38437 | 0.00 | — | 0.01 | Jul 21, 2024 | D-Link - CWE-288:Authentication Bypass Using an Alternate Path or Channel | |||
| CVE-2023-32223 | 0.00 | — | 0.02 | Jun 28, 2023 | D-Link DSL-224 firmware version 3.0.10 allows post authentication command execution via an unspecified method. | |||
| CVE-2023-32224 | 0.00 | — | 0.01 | Jun 28, 2023 | D-Link DSL-224 firmware version 3.0.10 CWE-307: Improper Restriction of Excessive Authentication Attempts | |||
| CVE-2022-36786 | 0.00 | — | 0.01 | Nov 17, 2022 | DLINK - DSL-224 Post-auth RCE. DLINK router version 3.0.8 has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API. It is possible to inject a command through this interface that will run with ROOT permissions on the router. |
- CVE-2024-0717Jan 19, 2024risk 0.02cvss —epss 0.18
A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S,…
- CVE-2024-38438Jul 21, 2024risk 0.00cvss —epss 0.01
D-Link - CWE-294: Authentication Bypass by Capture-replay
- CVE-2024-38437Jul 21, 2024risk 0.00cvss —epss 0.01
D-Link - CWE-288:Authentication Bypass Using an Alternate Path or Channel
- CVE-2023-32223Jun 28, 2023risk 0.00cvss —epss 0.02
D-Link DSL-224 firmware version 3.0.10 allows post authentication command execution via an unspecified method.
- CVE-2023-32224Jun 28, 2023risk 0.00cvss —epss 0.01
D-Link DSL-224 firmware version 3.0.10 CWE-307: Improper Restriction of Excessive Authentication Attempts
- CVE-2022-36786Nov 17, 2022risk 0.00cvss —epss 0.01
DLINK - DSL-224 Post-auth RCE. DLINK router version 3.0.8 has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API. It is possible to inject a command through this interface that will run with ROOT permissions on the router.