VYPR

DIR-822

by Dlink

CVEs (22)

  • CVE-2016-6563CriJul 13, 2018
    risk 0.73cvss 9.8epss 0.80

    Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected:…

  • CVE-2018-19986CriMay 13, 2019
    risk 0.67cvss 9.8epss 0.42

    In the /HNAP1/SetRouterSettings message, the RemotePort parameter is vulnerable, and the vulnerability affects D-Link DIR-818LW Rev.A 2.05.B03 and DIR-822 B1 202KRb06 devices. In the SetRouterSettings.php source code, the RemotePort parameter is saved in the…

  • CVE-2024-33344CriApr 26, 2024
    risk 0.65cvss 9.8epss 0.20

    D-Link DIR-822+ V1.0.5 was found to contain a command injection in ftext function of upload_firmware.cgi, which allows remote attackers to execute arbitrary commands via shell.

  • CVE-2018-19987CriMay 13, 2019
    risk 0.65cvss 9.8epss 0.13

    D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA devices mishandle IsAccessPoint in /HNAP1/SetAccessPointMode. In the SetAccessPointMode.php source code,…

  • CVE-2023-51987CriJan 11, 2024
    risk 0.64cvss 9.8epss 0.01

    D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords.

  • CVE-2023-51984CriJan 11, 2024
    risk 0.64cvss 9.8epss 0.02

    D-Link DIR-822+ V1.0.2 was found to contain a command injection in SetStaticRouteSettings function. allows remote attackers to execute arbitrary commands via shell.

  • CVE-2018-19990CriMay 13, 2019
    risk 0.64cvss 9.8epss 0.05

    In the /HNAP1/SetWiFiVerifyAlpha message, the WPSPIN parameter is vulnerable, and the vulnerability affects D-Link DIR-822 B1 202KRb06 devices. In the SetWiFiVerifyAlpha.php source code, the WPSPIN parameter is saved in the $rphyinf1."/media/wps/enrollee/pin" and…

  • CVE-2018-20675CriJan 9, 2019
    risk 0.64cvss 9.8epss 0.02

    D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authentication bypass.

  • CVE-2024-33343HigApr 26, 2024
    risk 0.58cvss 8.8epss 0.08

    D-Link DIR-822+ V1.0.5 was found to contain a command injection in ChgSambaUserSettings function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell.

  • CVE-2018-20674HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.03

    D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authenticated remote command execution.

  • CVE-2024-34950HigMay 14, 2024
    risk 0.49cvss 7.5epss 0.05

    D-Link DIR-822+ v1.0.5 was discovered to contain a stack-based buffer overflow vulnerability in the SetNetworkTomographySettings module.

  • CVE-2024-33342HigApr 26, 2024
    risk 0.49cvss 7.5epss 0.02

    D-Link DIR-822+ V1.0.5 was found to contain a command injection in SetPlcNetworkpwd function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell.

  • CVE-2026-7067HigApr 27, 2026
    risk 0.48cvss 7.3epss 0.02

    A vulnerability was determined in D-Link DIR-822 A_101. The impacted element is the function system of the file /udhcpcd/dhcpd.c of the component udhcpd DHCP Service. This manipulation of the argument Hostname causes command injection. The attack can be initiated remotely. The…

  • CVE-2025-13306MedNov 18, 2025
    risk 0.41cvss 6.3epss 0.07

    A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack…

  • CVE-2024-0717MedJan 19, 2024
    risk 0.36cvss 5.3epss 0.18

    A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S,…

  • CVE-2025-13552Nov 23, 2025
    risk 0.00cvss epss 0.01

    A security flaw has been discovered in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The impacted element is an unknown function of the file /boafrm/formWlEncrypt. The manipulation of the argument submit-url results in buffer overflow. The attack may be performed from…

  • CVE-2025-13551Nov 23, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was identified in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The affected element is an unknown function of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. The attack is possible to be…

  • CVE-2025-13550Nov 23, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was determined in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Impacted is an unknown function of the file /boafrm/formVpnConfigSetup. Executing manipulation of the argument submit-url can lead to buffer overflow. The attack can be executed remotely.…

  • CVE-2025-13549Nov 23, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was found in D-Link DIR-822K 1.00. This issue affects the function sub_455524 of the file /boafrm/formNtp. Performing manipulation of the argument submit-url results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been made…

  • CVE-2025-13548Nov 23, 2025
    risk 0.00cvss epss 0.01

    A vulnerability has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This vulnerability affects unknown code of the file /boafrm/formFirewallAdv. Such manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The…

Page 1 of 2