VYPR
Vendor: Dlink

Products: 565
CVEs: 1,843
Across products: 1,197
Status: Private

Recent CVEs

  • CVE-2018-6530 | Critical | KEV | Mar 6, 2018
    risk 0.89 | cvss 9.8 | epss 0.97

    OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and…

  • CVE-2014-8361 | Critical | KEV | May 1, 2015
    risk 0.87 | cvss 9.8 | epss 1.00

    The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.

  • CVE-2015-1187 | Critical | KEV | Sep 21, 2017
    risk 0.85 | cvss 9.8 | epss 0.83

    The ping tool in multiple D-Link and TRENDnet devices allows remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp.

  • CVE-2015-2051 | High | KEV | Feb 23, 2015
    risk 0.80 | cvss 8.8 | epss 0.97

    The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.

  • CVE-2016-6563 | Critical | Jul 13, 2018
    risk 0.73 | cvss 9.8 | epss 0.80

    Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected:…

  • CVE-2018-17440 | Critical | Oct 8, 2018
    risk 0.70 | cvss 9.8 | epss 0.37

    An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials (admin, admin). Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP…

  • CVE-2018-15839 | Critical | Aug 28, 2018
    risk 0.70 | cvss 9.8 | epss 0.45

    D-Link DIR-615 devices have a buffer overflow via a long Authorization HTTP header.

  • CVE-2017-12943 | Critical | Aug 18, 2017
    risk 0.70 | cvss 9.8 | epss 0.39

    D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password.

  • CVE-2014-100005 | High | KEV | Jan 13, 2015
    risk 0.70 | cvss 8.0 | epss 0.42

    Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management…

  • CVE-2025-34125 | Critical | Jul 16, 2025
    risk 0.69 | cvss | epss 0.03

    An unauthenticated command injection vulnerability exists in the cookie handling process of the lighttpd web server on D-Link DSP-W110A1 firmware version 1.05B01. This occurs when specially crafted cookie values are processed, allowing remote attackers to execute arbitrary…

  • CVE-2018-9032 | Critical | Mar 27, 2018
    risk 0.69 | cvss 9.8 | epss 0.29

    An authentication bypass vulnerability on D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router (Hardware Version : A1, B1; Firmware Version : 1.02-2.06) devices potentially allows attackers to bypass SharePort Web Access Portal by directly visiting /category_view.php…

  • CVE-2017-3191 | Critical | Dec 16, 2017
    risk 0.69 | cvss 9.8 | epss 0.63

    D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that can access the remote management login page can manipulate the POST request in such a manner as to access some…

  • CVE-2018-8898 | Critical | May 23, 2018
    risk 0.68 | cvss 9.8 | epss 0.13

    A flaw in the authentication mechanism in the Login Panel of router D-Link DSL-3782 (A1_WI_20170303 || SWVer="V100R001B012" FWVer="3.10.0.24" FirmVer="TT_77616E6771696F6E67") allows unauthenticated attackers to perform arbitrary modification (read, write) to passwords and…

  • CVE-2015-7247 | Critical | Apr 24, 2017
    risk 0.68 | cvss 9.8 | epss 0.10

    D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive information.

  • CVE-2015-7246 | Critical | Apr 24, 2017
    risk 0.68 | cvss 9.8 | epss 0.14

    D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access.

  • CVE-2013-10050 | High | Aug 1, 2025
    risk 0.67 | cvss 8.8 | epss 0.10

    An OS command injection vulnerability exists in multiple D-Link routers (confirmed on DIR-300 rev A v1.05 and DIR-615 rev D v4.13) via the authenticated tools_vct.xgi CGI endpoint. The web interface fails to properly sanitize user-supplied input in the pingIp parameter, allowing…

  • CVE-2017-3192 | Critical | Dec 16, 2017
    risk 0.67 | cvss 9.8 | epss 0.39

    D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page…

  • CVE-2014-7859 | Critical | Aug 25, 2017
    risk 0.65 | cvss 9.8 | epss 0.21

    Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build 03, and DNS-327L before 1.04b01 allows remote attackers to execute arbitrary code by crafting malformed "Host" and…

  • CVE-2014-7858 | Critical | Aug 25, 2017
    risk 0.65 | cvss 9.8 | epss 0.15

    The check_login function in D-Link DNR-326 before 2.10 build 03 allows remote attackers to bypass authentication and log in by setting the username cookie parameter to an arbitrary string.

  • CVE-2014-7857 | Critical | Aug 25, 2017
    risk 0.65 | cvss 9.8 | epss 0.15

    D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01, DNS-345 1.03b06, DNS-325 1.05b03, and DNS-322L 2.00b07 allow remote attackers to bypass authentication and log in with administrator permissions by passing the…