Vendor CVEs
Dlink
All CVEs
1,843 total · sorted by risk

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-6530 | Cri | 0.89 | 9.8 | 0.97 | KEV | Mar 6, 2018 | OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and… |
| CVE-2014-8361 | Cri | 0.87 | 9.8 | 1.00 | KEV | May 1, 2015 | The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023. |
| CVE-2015-1187 | Cri | 0.85 | 9.8 | 0.83 | KEV | Sep 21, 2017 | The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp. |
| CVE-2015-2051 | Hig | 0.80 | 8.8 | 0.97 | KEV | Feb 23, 2015 | The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface. |
| CVE-2016-6563 | Cri | 0.73 | 9.8 | 0.80 | | Jul 13, 2018 | Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected:… |
| CVE-2018-17440 | Cri | 0.70 | 9.8 | 0.37 | | Oct 8, 2018 | An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials (admin, admin). Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP… |
| CVE-2018-15839 | Cri | 0.70 | 9.8 | 0.45 | | Aug 28, 2018 | D-Link DIR-615 devices have a buffer overflow via a long Authorization HTTP header. |
| CVE-2017-12943 | Cri | 0.70 | 9.8 | 0.39 | | Aug 18, 2017 | D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password. |
| CVE-2014-100005 | Hig | 0.70 | 8.0 | 0.42 | KEV | Jan 13, 2015 | Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management… |
| CVE-2025-34125 | Cri | 0.69 | — | 0.03 | | Jul 16, 2025 | An unauthenticated command injection vulnerability exists in the cookie handling process of the lighttpd web server on D-Link DSP-W110A1 firmware version 1.05B01. This occurs when specially crafted cookie values are processed, allowing remote attackers to execute arbitrary… |
| CVE-2018-9032 | Cri | 0.69 | 9.8 | 0.29 | | Mar 27, 2018 | An authentication bypass vulnerability on D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router (Hardware Version : A1, B1; Firmware Version : 1.02-2.06) devices potentially allows attackers to bypass SharePort Web Access Portal by directly visiting /category_view.php… |
| CVE-2017-3191 | Cri | 0.69 | 9.8 | 0.63 | | Dec 16, 2017 | D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that can access the remote management login page can manipulate the POST request in such a manner as to access some… |
| CVE-2018-8898 | Cri | 0.68 | 9.8 | 0.13 | | May 23, 2018 | A flaw in the authentication mechanism in the Login Panel of router D-Link DSL-3782 (A1_WI_20170303 \|\| SWVer="V100R001B012" FWVer="3.10.0.24" FirmVer="TT_77616E6771696F6E67") allows unauthenticated attackers to perform arbitrary modification (read, write) to passwords and… |
| CVE-2015-7247 | Cri | 0.68 | 9.8 | 0.10 | | Apr 24, 2017 | D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive information. |
| CVE-2015-7246 | Cri | 0.68 | 9.8 | 0.14 | | Apr 24, 2017 | D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access. |
| CVE-2013-10050 | Hig | 0.67 | 8.8 | 0.10 | | Aug 1, 2025 | An OS command injection vulnerability exists in multiple D-Link routers (confirmed on DIR-300 rev A v1.05 and DIR-615 rev D v4.13) via the authenticated tools_vct.xgi CGI endpoint. The web interface fails to properly sanitize user-supplied input in the pingIp parameter, allowing… |
| CVE-2017-3192 | Cri | 0.67 | 9.8 | 0.39 | | Dec 16, 2017 | D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page… |
| CVE-2014-7859 | Cri | 0.65 | 9.8 | 0.21 | | Aug 25, 2017 | Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build 03, and DNS-327L before 1.04b01 allows remote attackers to execute arbitrary code by crafting malformed "Host" and… |
| CVE-2014-7858 | Cri | 0.65 | 9.8 | 0.15 | | Aug 25, 2017 | The check_login function in D-Link DNR-326 before 2.10 build 03 allows remote attackers to bypass authentication and log in by setting the username cookie parameter to an arbitrary string. |
| CVE-2014-7857 | Cri | 0.65 | 9.8 | 0.15 | | Aug 25, 2017 | D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01, DNS-345 1.03b06, DNS-325 1.05b03, and DNS-322L 2.00b07 allow remote attackers to bypass authentication and log in with administrator permissions by passing the… |
| CVE-2016-5681 | Cri | 0.65 | 9.8 | 0.12 | | Aug 25, 2016 | Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.07 before 2.07WWB05, DIR-817 Ax, DIR-818LW Bx before 2.05b03beta03, DIR-822 C1 3.01 before 3.01WWb02, DIR-823 A1 1.00 before 1.00WWb05, DIR-895L A1 1.11 before 1.11WWb04, DIR-890L A1 1.09 before 1.09b14,… |
| CVE-2026-7854 | Cri | 0.64 | 9.8 | 0.06 | | May 5, 2026 | A security vulnerability has been detected in D-Link DI-8100 16.07.26A1. Affected by this vulnerability is the function url_rule_asp of the file /url_rule.asp of the component POST Parameter Handler. Such manipulation leads to buffer overflow. It is possible to launch the attack… |
| CVE-2026-7853 | Cri | 0.64 | 9.8 | 0.02 | | May 5, 2026 | A weakness has been identified in D-Link DI-8100 16.07.26A1. Affected is the function sprintf of the file /auto_reboot.asp of the component HTTP Handler. This manipulation of the argument enable/time causes buffer overflow. It is possible to initiate the attack remotely. The… |
| CVE-2026-42376 | Cri | 0.64 | 9.8 | 0.00 | | May 4, 2026 | D-Link DIR-456U Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /etc/init0.d/S80telnetd.sh with the username "Alphanetworks" and the static password "whdrv01_dlob_dir456U" read from… |
| CVE-2026-42375 | Cri | 0.64 | 9.8 | 0.00 | | May 4, 2026 | D-Link DIR-600L Hardware Revision A1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn35_dlwbr_dir600l" read from /etc/alpha_config/image_sign. The… |
| CVE-2026-42374 | Cri | 0.64 | 9.8 | 0.00 | | May 4, 2026 | D-Link DIR-600L Hardware Revision B1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn61_dlwbr_dir600L" read from /etc/alpha_config/image_sign. The… |
| CVE-2026-42373 | Cri | 0.64 | 9.8 | 0.00 | | May 4, 2026 | D-Link DIR-605L Hardware Revision B2 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn76_dlwbr_dir605L" read from /etc/alpha_config/image_sign.… |
| CVE-2026-7248 | Cri | 0.64 | 9.8 | 0.02 | | Apr 28, 2026 | A vulnerability was found in D-Link DI-8100 16.07.26A1. This affects the function tgfile_htm of the file tgfile.htm of the component CGI Endpoint. The manipulation of the argument fn results in buffer overflow. The attack can be executed remotely. The exploit has been made… |
| CVE-2026-4181 | Cri | 0.64 | 9.8 | 0.01 | | Mar 16, 2026 | A security flaw has been discovered in D-Link DIR-816 1.10CNB05. This affects an unknown function of the file /goform/form2RepeaterStep2.cgi of the component goahead. The manipulation of the argument key1/key2/key3/key4/pskValue results in stack-based buffer overflow. The attack… |
| CVE-2025-29165 | Cri | 0.64 | 9.8 | 0.01 | | Mar 5, 2026 | An issue in D-Link DIR-1253 MESH V1.6.1684 allows an attacker to escalate privileges via the etc/shadow.sample component |
| CVE-2024-57595 | Cri | 0.64 | 9.8 | 0.01 | | Jan 27, 2025 | DLINK DIR-825 REVB 2.03 devices have an OS command injection vulnerability in the CGl interface apc_client_pin.cgi, which allows remote attackers to execute arbitrary commands via the parameter "wps_pin" passed to the apc_client_pin.cgi binary through a POST request. |
| CVE-2024-45623 | Cri | 0.64 | 9.8 | 0.01 | | Sep 2, 2024 | D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the ATP binary that handles PHP HTTP GET requests for the Apache HTTP Server (httpd). NOTE: This vulnerability only affects products that are no… |
| CVE-2018-14081 | Cri | 0.64 | 9.8 | 0.01 | | Oct 9, 2018 | An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. Device passwords, such as the admin password and the WPA key, are stored in cleartext. |
| CVE-2018-17881 | Cri | 0.64 | 9.8 | 0.01 | | Oct 3, 2018 | On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 SetPasswdSettings commands without authentication to trigger an admin password change. |
| CVE-2018-17787 | Cri | 0.64 | 9.8 | 0.04 | | Oct 2, 2018 | On D-Link DIR-823G devices, the GoAhead configuration allows /HNAP1 Command Injection via shell metacharacters in the POST data, because this data is sent directly to the "system" library function. |
| CVE-2018-17786 | Cri | 0.64 | 9.8 | 0.04 | | Oct 2, 2018 | On D-Link DIR-823G devices, ExportSettings.sh, upload_settings.cgi, GetDownLoadSyslog.sh, and upload_firmware.cgi do not require authentication, which allows remote attackers to execute arbitrary code. |
| CVE-2018-17068 | Cri | 0.64 | 9.8 | 0.04 | | Sep 15, 2018 | An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/Diagnosis route. This could lead to command injection via shell metacharacters in the sendNum parameter. |
| CVE-2018-17067 | Cri | 0.64 | 9.8 | 0.02 | | Sep 15, 2018 | An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. A very long password to /goform/formLogin could lead to a stack-based buffer overflow and overwrite the return address. |
| CVE-2018-17066 | Cri | 0.64 | 9.8 | 0.07 | | Sep 15, 2018 | An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/form2systime.cgi route. This could lead to command injection via shell metacharacters in the datetime parameter. |
| CVE-2018-17065 | Cri | 0.64 | 9.8 | 0.02 | | Sep 15, 2018 | An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/DDNS route, a very long password could lead to a stack-based buffer overflow and overwrite the return address. |
| CVE-2018-17064 | Cri | 0.64 | 9.8 | 0.07 | | Sep 15, 2018 | An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/sylogapply route. This could lead to command injection via the syslogIp parameter after /goform/clearlog is… |
| CVE-2018-17063 | Cri | 0.64 | 9.8 | 0.04 | | Sep 15, 2018 | An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/NTPSyncWithHost route. This could lead to command injection via shell metacharacters. |
| CVE-2017-11563 | Cri | 0.64 | 9.8 | 0.05 | | Aug 24, 2018 | D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has a remote code execution vulnerability. A UDP "Discover" service, which provides multiple functions such as changing the passwords and getting basic information, was installed on the device. A remote attacker can send a crafted UDP… |
| CVE-2018-6213 | Cri | 0.64 | 9.8 | 0.03 | | Jun 20, 2018 | In the web server on D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account. |
| CVE-2018-6210 | Cri | 0.64 | 9.8 | 0.03 | | Jun 19, 2018 | D-Link DIR-620 devices, with a certain Rostelekom variant of firmware 1.0.37, have a hardcoded rostel account, which makes it easier for remote attackers to obtain access via a TELNET session. |
| CVE-2018-10968 | Cri | 0.64 | 9.8 | 0.02 | | May 18, 2018 | On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can use a default TELNET account to get unauthorized access to vulnerable devices, aka a backdoor access vulnerability. |
| CVE-2018-11013 | Cri | 0.64 | 9.8 | 0.07 | | May 13, 2018 | Stack-based buffer overflow in the websRedirect function in GoAhead on D-Link DIR-816 A2 (CN) routers with firmware version 1.10B05 allows unauthenticated remote attackers to execute arbitrary code via a request with a long HTTP Host header. |
| CVE-2018-10996 | Cri | 0.64 | 9.8 | 0.05 | | May 12, 2018 | The weblogin_log function in /htdocs/cgibin on D-Link DIR-629-B1 devices allows attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a session.cgi?ACTION=logout request involving a long REMOTE_ADDR environment variable. |
| CVE-2018-10106 | Cri | 0.64 | 9.8 | 0.02 | | Apr 16, 2018 | D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have permission bypass and information disclosure in /htdocs/web/getcfg.php, as demonstrated by a /getcfg.php?a=%0a_POST_SERVICES%3DDEVICE.ACCOUNT%0aAUTHORIZED_GROUP%3D1 request. |
| CVE-2015-0152 | Cri | 0.64 | 9.8 | 0.02 | | Apr 12, 2018 | D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the administrative password. |